17 matches found
CVE-2025-34174
In pfSense CE /usr/local/www/statustraffictotals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as the default value to be displayed to all use...
RHEL 8 : OpenShift Container Platform 4.10.52 (RHSA-2023:0697)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0697 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
RHEL 8 : OpenShift Container Platform 4.9.56 (RHSA-2023:0777)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0777 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
RHCOS 4 : OpenShift Container Platform 4.8.56 (RHSA-2023:0017)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0017 advisory. - http2-server: Invalid HTTP/2 requests cause DoS CVE-2022-2048 - Libraries: Untrusted users can modify some Pipeline libraries in...
RHCOS 4 : OpenShift Container Platform 4.10.52 (RHSA-2023:0697)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0697 advisory. - SnakeYaml: Constructor Deserialization Remote Code Execution CVE-2022-1471 - jenkins: Observable timing discrepancy allows...
CVE-2023-34174
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in BBS e-Theme BBS e-Popup plugin <= 2.4.5 versions...
CVE-2023-34174 WordPress BBS e-Popup Plugin <= 2.4.5 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in BBS e-Theme BBS e-Popup plugin <= 2.4.5 versions...
CVE-2023-34174
CVE-2023-34174: Unauthenticated Reflected XSS in WordPress plugin BBS e-Popup (BBS e-Theme)
WordPress BBS e-Popup Plugin <= 2.4.5 is vulnerable to Cross Site Scripting (XSS)
Software: BBS e-Popup; Type: Plugin; Vulnerable versions: <= 2.4.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-34174; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 96c0636c0d1f; Credits: LEE SE HYOUNG...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1602 more potentially affected by CVE-2022-34174 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.33)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2022-34174 Source advisory: OSV:GHSA-9GRJ-J43M-MJQR...
Jenkins < 2.356, < 2.332.4 LTS Information Disclosure Vulnerability (SECURITY-2566) - Windows
Jenkins is prone to an information disclosure vulnerability.
Jenkins < 2.356, < 2.332.4 LTS Information Disclosure Vulnerability (SECURITY-2566) - Linux
Jenkins is prone to an information disclosure vulnerability.
FreeBSD : jenkins -- multiple vulnerabilities (25be46f0-f25d-11ec-b62a-00e081b7aa2d)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 25be46f0-f25d-11ec-b62a-00e081b7aa2d advisory. - In Jenkins 2.320 through 2.355 both inclusive and LTS 2.332.1 through LTS 2.332.3 both...
CVE-2022-34174
CVE-2022-34174 affects Jenkins 2.355 and earlier (and LTS 2.332.3 and earlier) where an observable timing discrepancy on the login form can distinguish between login attempts with an invalid username versus a valid username and wrong password when using the Jenkins user database security realm; t...
CVE-2022-34174
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm...
CVE-2021-34174
CVE-2021-34174 affects Broadcom BCM4352 and BCM43684 wireless chips used in routers (e.g., ASUS AX6100). The vulnerability allows a DoS to devices connected to affected routers via crafted association or reassociation frames. The sources consistently identify the affected components as BCM4352/BC...