
18 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-7362

Malicious code in bioql PyPI...

7.1 CVSS · 6.3 AI score · 0.00345 EPSS
Exploits 1 · References 3
Github Security Blog
added 2025/07/09 6:30 p.m. · 8 views

Jenkins Testsigma Test Plan vulnerability exposes API keys via job configuration form

Jenkins Testsigma Test Plan run Plugin stores Testsigma API keys in job config.xml files on the Jenkins controller as part of its configuration. While these API keys are stored encrypted on disk, in Testsigma Test Plan run Plugin 1.6 and earlier, the job configuration form does not mask these API...

4.3 CVSS · 6.1 AI score · 0.00121 EPSS
Exploits 0 · References 4 · Affected Software 1
OSV
added 2025/07/09 4:15 p.m. · 2 views

CVE-2025-53661

Jenkins Testsigma Test Plan run Plugin 1.6 and earlier does not mask Testsigma API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

4.3 CVSS · 5.8 AI score
Exploits 0 · References 2
CNNVD
added 2025/07/09 12:0 a.m. · 4 views

Jenkins plugin Testsigma Test Plan run security vulnerability

Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is application software, an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...

4.3 CVSS · 5.8 AI score · 0.00121 EPSS
Exploits 0 · References 2
Packet Storm News
added 2025/06/25 12:0 a.m. · 3 views

SV-LLM: an Agentic Approach for SoC Security Verification Using Large Language Models

Ensuring the security of complex system-on-chips (SoCs) designs is a critical imperative, yet traditional verification techniques struggle to keep pace due to significant challenges in automation, scalability, comprehensiveness, and adaptability. The advent of large language models (LLMs), with their...

7.2 AI score
Exploits 0
Packet Storm News
added 2025/05/10 12:0 a.m. · 3 views

ThreatLens: LLM-Guided Threat Modeling and Test Plan Generation for Hardware Security Verification

Current hardware security verification processes predominantly rely on manual threat modeling and test plan generation, which are labor-intensive, error-prone, and struggle to scale with increasing design complexity and evolving attack methodologies. To address these challenges, we propose...

6.6 AI score
Exploits 0
RedhatCVE
added 2025/02/05 8:14 p.m. · 6 views

CVE-2022-4105

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page...

7.1 CVSS · 5.8 AI score · 0.00345 EPSS
Exploits 1 · References 1
Cvelist
added 2023/07/05 9:2 p.m. · 17 views

CVE-2023-36809 Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox

Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. Versions of Kiwi TCMS prior to 12.5 had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangero...

8.1 CVSS · 8.2 AI score · 0.00716 EPSS
Exploits 1 · References 6
Github Security Blog
added 2022/11/21 9:30 p.m. · 23 views

Cross-site Scripting in kiwitcms

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page...

7.1 CVSS · 5.4 AI score · 0.00345 EPSS
Exploits 1 · References 4 · Affected Software 1
OSV
added 2022/11/21 9:30 p.m. · 16 views

GHSA-HF94-8MX5-2VVJ Cross-site Scripting in kiwitcms

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page...

5.4 CVSS · 5.5 AI score · 0.00345 EPSS
Exploits 1 · References 3
NVD
added 2022/11/21 8:15 p.m. · 10 views

CVE-2022-4105

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page...

7.1 CVSS · 0.00345 EPSS
Exploits 1 · References 2
Prion
added 2022/11/21 8:15 p.m. · 14 views

Design/Logic Flaw

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page...

4.9 CVSS · 5.3 AI score · 0.00345 EPSS
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2022/11/21 12:0 a.m. · 5 views

CVE-2022-4105 Cross-site Scripting (XSS) - Stored in kiwitcms/kiwi

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page...

7.1 CVSS · 5.4 AI score · 0.00345 EPSS
Exploits 1 · References 2
CVE
added 2022/11/21 12:0 a.m. · 72 views

CVE-2022-4105

CVE-2022-4105 refers to a stored XSS in Kiwi TCMS’s kiwi Test Plan. The vulnerability allows attacker-supplied JavaScript to execute in the context of the application, potentially enabling a chained HTML injection that can perform a UI redressing attack (clickjacking) and an HTML injection that d...

7.1 CVSS · 5.6 AI score · 0.00345 EPSS
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2022/11/21 12:0 a.m. · 16 views

CVE-2022-4105 Cross-site Scripting (XSS) - Stored in kiwitcms/kiwi

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page...

7.1 CVSS · 5.5 AI score · 0.00345 EPSS
Exploits 1 · References 2
Positive Technologies
added 2022/11/21 12:0 a.m. · 2 views

PT-2022-25655 · Unknown · Kiwi Test Plan

Name of the Vulnerable Software and Affected Versions: kiwi Test Plan (affected versions not specified). Description: A stored XSS in a kiwi Test Plan can run malicious javascript, potentially chained with an HTML injection to perform a UI redressing attack, also known as clickjacking, and an HTML...

7.1 CVSS · 5.8 AI score · 0.00345 EPSS
Exploits 1 · References 7
Huntr
added 2022/11/02 4:43 p.m. · 18 views

Stored XSS and HTML injection from markdown

Description: Stored XSS, also known as persistent XSS, is the more damaging of the XSS. It occurs when a malicious script is injected directly into a vulnerable web application. Due to a sanitization problem it is possible to perform both a Stored XSS and an HTML injection. Thanks to this attack i...

4.9 CVSS · 5.8 AI score · 0.00345 EPSS
Exploits 1
Check Point Advisories
added 2010/10/31 12:0 a.m. · 0 views

IBM Rational Quality Manager and Test Lab Manager Policy Bypass

IBM Rational Quality Manager and Test Lab Manager enable quality assurance teams to track all aspects of the quality assurance effort. The central artifact in the tool is a dynamic test plan that contains all information pertaining to the quality assurance effort, such as goals, schedules,...

7.6 AI score
Exploits 0