CVE-2025-53672

Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenki ...

Continue Reading

July 09, 2025

CVE-2025-53669

Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture...Read More ...

Continue Reading

July 09, 2025

CVE-2025-53670

Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by u ...

Continue Reading

July 09, 2025

CVE-2025-53743

Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not mask Applitools API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture...Read More ...

Continue Reading

July 09, 2025

CVE-2025-7204 Exposure of password hashes via API responses in ConnectWise PSA

In ConnectWise PSA versions older than 2025.9, a vulnerability exists where authenticated users could gain access to sensitive user information. Specific API requests were found to return an overly ve ...

Continue Reading

July 09, 2025

CVE-2025-53373

Natours is a Tour Booking API. The attacker can easily take over any victim account by injecting an attacker-controlled server domain in the Host header when requesting the /forgetpassword endpoint. T ...

Continue Reading

July 09, 2025

CVE-2025-6514

creation_timestamp| type| source ---|---|--- 2025-07-09 14:30:15+00:00| seen|...Read More ...

Continue Reading

July 09, 2025

CVE-2025-53546

creation_timestamp| type| source ---|---|--- 2025-07-09 14:42:52+00:00| seen|...Read More ...

Continue Reading

July 09, 2025

1 714 715 716 717 718 9,321

Back to Main
Subscribe for the latest news: