Jenkins announces vulnerabilities
Overview : Stored XSS vulnerability in expandable textbox form control SECURITY-1498 / CVE-2019-10401 Jenkins form controls include an expandable textbox
User Credentials hacked in IBM Security Key Lifecycle Manager
Overview : IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text which can
XSS attacks in Joomla! 3.x before 3.9.12
Overview : In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates.
Exploitation in vBulletin allows remote command execution
Overview : vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. Affected
Attackers gain read access to privileged files in Niagara AX
Overview : A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX