Missing Authorization

Jenkins is vulnerable to Missing Authorization. The vulnerability is due to a missing permission check on viewing encrypted credential data, which allows attackers with only View/Read permissions to access and view encrypted password values in views...

CVE-2023-53873

SyncBreeze 15.2.24 contains a denial of service vulnerability in the login authentication mechanism that allows attackers to crash the service. Attackers can send an oversized password parameter with repeated 'password=' values to overwhelm the login endpoint and potentially disrupt service...

CVE-2025-67636

A missing permission check in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers with View/Read permission to view encrypted password values in views...

JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A security vulnerability exists in JetBrains...

PT-2025-3029 · Apple · Macos Sonoma +3

Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.7.2 macOS Sequoia versions prior to 15.2 macOS Ventura versions prior to 13.7.2 Description: A privacy issue was addressed with improved private data redaction for log entries. This issue may allow an app to...

Weak Cryptography

jose4j is vulnerable to Weak Cryptography. The vulnerability is present in Pbes2HmacShaWithAesKeyWrapAlgorithm.java due to the ability to set a small iteration count when using the PBE Password-Based Encryption algorithm. This weakness enables an attacker to determine hashed password values...

pipeline-build-step: Password parameter default values exposed

A flaw was found in Jenkins pipeline-build-step where it revealed password parameter default values when generating a pipeline script using the Pipeline snippet generator. This flaw allows attackers with item/read permission to retrieve the default password parameter value from jobs and compromis...

CVE-2022-27195

Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their build.xml files. These values are stored unencrypted and can be viewed by users with access to...

CVE-2022-27195

Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their build.xml files. These values are stored unencrypted and can be viewed by users with access to...

CVE-2022-25184

Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Read permission to retrieve the default password parameter value from jobs...

CVE-2022-25184

Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Read permission to retrieve the default password parameter value from jobs...

CVE-2020-15095

Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "://:@::/". The password value is not redacted and is printed to stdout and also to any generated log files...

Epicor Enterprise 7.4 - Multiple Vulnerabilities

No description provided by source. "Epicor Enterprise vulnerabilities" - Affected vendor: Epicor Software Corporation - Affected system: Epicor Enterprise - Version 7.4 - Vendor disclosure date: May 13th, 2014 - Public disclosure date: September 30th, 2014 - Status: Fixed - Associated CVEs: 1...

Epicor Enterprise 7.4 - Multiple Vulnerabilities

"Epicor Enterprise vulnerabilities" - Affected vendor: Epicor Software Corporation - Affected system: Epicor Enterprise - Version 7.4 - Vendor disclosure date: May 13th, 2014 - Public disclosure date: September 30th, 2014 - Status: Fixed - Associated CVEs: 1 CVE-2014-4311 Password values not mask...