Lucene search
K

287 matches found

CNVD
CNVD
added 2025/11/11 12:0 a.m.3 views

Advantech WebAccess/VPN Absolute Path Traversal Vulnerability

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. An absolute path traversal vulnerability exists in...

6.9CVSS7AI score0.00341EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/06 7:43 p.m.2 views

CVE-2025-34238 Advantech WebAccess/VPN < 1.1.5 Path Traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain an absolute path traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction that allows an authenticated network administrator to cause the application to read and return the contents of arbitrary files the web...

6.9CVSS6.3AI score0.00341EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/06 7:43 p.m.4 views

CVE-2025-34238 Advantech WebAccess/VPN < 1.1.5 Path Traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain an absolute path traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction that allows an authenticated network administrator to cause the application to read and return the contents of arbitrary files the web...

6.9CVSS0.00341EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2008-6194

Malware in sbrugna...

7.5CVSS6.4AI score0.02299EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2008-6193

Malware in sbrugna...

7.5CVSS6.4AI score0.02453EPSS
Exploits0References5
CNVD
CNVD
added 2025/09/02 12:0 a.m.4 views

WordPress Ultimate Tag Warrior Importer plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Ultimate Tag Warrior Importer plugin suffers from a cross-site request forgery vulnerability that arises when a web application does not adequately validate that a...

4.3CVSS6.8AI score0.00124EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/29 4:25 a.m.3 views

CVE-2025-9374 Ultimate Tag Warrior Importer <= 0.2 - Cross-Site Request Forgery

The Ultimate Tag Warrior Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to import tags granted they can...

4.3CVSS4.9AI score0.00124EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/29 12:0 a.m.6 views

WordPress plugin Ultimate Tag Warrior Importer 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Ultimate Tag Warrior Importer plugin suffers from a cross-site request forgery vulnerability that arises when a web application does not adequately validate that a...

4.3CVSS6.6AI score0.00124EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/08/28 9:51 p.m.5 views

WordPress Ultimate Tag Warrior Importer plugin <= 0.2 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Nabil Irawan in WordPress Plugin Ultimate Tag Warrior Importer versions = 0.2...

4.3CVSS6.7AI score0.00124EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/07/16 12:0 a.m.5 views

The vulnerability of the Warrior Framework plugin for Jenkins’ automation servers, related to the storage of passwords in an open manner, allows attackers to gain unauthorized access to protected information.

The vulnerability of the Jenkins automation server’s Warrior Framework plugin lies in the storage of passwords in an exposed manner within the config.xml file. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to protected information...

6.8CVSS5.4AI score0.00291EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2025/07/09 6:30 p.m.9 views

Jenkins Warrior Framework Plugin vulnerability exposes unencrypted passwords to certain authenticated users

Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

6.5CVSS6.9AI score0.00291EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/07/09 6:30 p.m.5 views

GHSA-2G8W-9933-36VR Jenkins Warrior Framework Plugin vulnerability exposes unencrypted passwords to certain authenticated users

Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

4.3CVSS6.6AI score0.00291EPSS
Exploits0References4
Snyk
Snyk
added 2025/07/09 4:47 p.m.4 views

Credential Exposure

Overview Affected versions of this package are vulnerable to Credential Exposure in the storage of credentials in config.xml files. An attacker can obtain sensitive information by accessing these files either through the Jenkins controller file system or by having Item/Extended Read permission...

6.8CVSS6.7AI score0.00291EPSS
Exploits0References2
OSV
OSV
added 2025/07/09 4:15 p.m.3 views

CVE-2025-53675

Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

6.5CVSS5.8AI score0.00291EPSS
Exploits0References2
CVE
CVE
added 2025/07/09 3:39 p.m.23 views

CVE-2025-53675

The CVE-2025-53675 entry describes a vulnerability in the Jenkins Warrior Framework Plugin (versions 1.2 and earlier) where passwords are stored unencrypted in job config.xml on the Jenkins controller. This allows users with Item/Extended Read permission or access to the Jenkins controller filesy...

6.5CVSS6.5AI score0.00291EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/07/09 3:39 p.m.9 views

CVE-2025-53675

Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

0.00291EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/09 3:39 p.m.4 views

CVE-2025-53675

Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

7AI score0.00291EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/09 12:0 a.m.4 views

Jenkins plugin Warrior Framework 安全漏洞

Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...

6.5CVSS6.1AI score0.00291EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/09 12:0 a.m.3 views

PT-2025-28927 · Jenkins · Jenkins Warrior Framework Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Warrior Framework Plugin versions 1.2 and earlier Description: The Jenkins Warrior Framework Plugin stores passwords unencrypted in job config.xml files on the Jenkins controller. This allows users with Item/Extended Read permission o...

6.8CVSS6AI score0.00291EPSS
Exploits0References7
The Hacker News
The Hacker News
added 2022/08/01 2:5 p.m.34 views

Two Key Ways Development Teams Can Increase Their Security Maturity

Now more than ever, organizations need to enable their development teams to build and grow their security skills. Today organizations face a threat landscape where individuals, well-financed syndicates, and state actors are actively trying to exploit errors in software. Yet, according to recent...

7.5AI score
Exploits0
Rows per page
Query Builder