287 matches found
Advantech WebAccess/VPN Absolute Path Traversal Vulnerability
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. An absolute path traversal vulnerability exists in...
CVE-2025-34238 Advantech WebAccess/VPN < 1.1.5 Path Traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain an absolute path traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction that allows an authenticated network administrator to cause the application to read and return the contents of arbitrary files the web...
CVE-2025-34238 Advantech WebAccess/VPN < 1.1.5 Path Traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain an absolute path traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction that allows an authenticated network administrator to cause the application to read and return the contents of arbitrary files the web...
EUVD-2008-6194
Malware in sbrugna...
EUVD-2008-6193
Malware in sbrugna...
WordPress Ultimate Tag Warrior Importer plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Ultimate Tag Warrior Importer plugin suffers from a cross-site request forgery vulnerability that arises when a web application does not adequately validate that a...
CVE-2025-9374 Ultimate Tag Warrior Importer <= 0.2 - Cross-Site Request Forgery
The Ultimate Tag Warrior Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to import tags granted they can...
WordPress plugin Ultimate Tag Warrior Importer 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Ultimate Tag Warrior Importer plugin suffers from a cross-site request forgery vulnerability that arises when a web application does not adequately validate that a...
WordPress Ultimate Tag Warrior Importer plugin <= 0.2 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Nabil Irawan in WordPress Plugin Ultimate Tag Warrior Importer versions = 0.2...
The vulnerability of the Warrior Framework plugin for Jenkins’ automation servers, related to the storage of passwords in an open manner, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Jenkins automation server’s Warrior Framework plugin lies in the storage of passwords in an exposed manner within the config.xml file. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to protected information...
Jenkins Warrior Framework Plugin vulnerability exposes unencrypted passwords to certain authenticated users
Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
GHSA-2G8W-9933-36VR Jenkins Warrior Framework Plugin vulnerability exposes unencrypted passwords to certain authenticated users
Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Credential Exposure
Overview Affected versions of this package are vulnerable to Credential Exposure in the storage of credentials in config.xml files. An attacker can obtain sensitive information by accessing these files either through the Jenkins controller file system or by having Item/Extended Read permission...
CVE-2025-53675
Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53675
The CVE-2025-53675 entry describes a vulnerability in the Jenkins Warrior Framework Plugin (versions 1.2 and earlier) where passwords are stored unencrypted in job config.xml on the Jenkins controller. This allows users with Item/Extended Read permission or access to the Jenkins controller filesy...
CVE-2025-53675
Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53675
Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Jenkins plugin Warrior Framework 安全漏洞
Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...
PT-2025-28927 · Jenkins · Jenkins Warrior Framework Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Warrior Framework Plugin versions 1.2 and earlier Description: The Jenkins Warrior Framework Plugin stores passwords unencrypted in job config.xml files on the Jenkins controller. This allows users with Item/Extended Read permission o...
Two Key Ways Development Teams Can Increase Their Security Maturity
Now more than ever, organizations need to enable their development teams to build and grow their security skills. Today organizations face a threat landscape where individuals, well-financed syndicates, and state actors are actively trying to exploit errors in software. Yet, according to recent...