Lucene search
K

141 matches found

Github Security Blog
Github Security Blog
added 2026/04/04 6:8 a.m.5 views

Directus: Open Redirect in Admin 2FA Setup Page

Summary Directus is vulnerable to an Open Redirect via the redirect query parameter on the /admin/tfa-setup page. When an administrator who has not yet configured Two-Factor Authentication 2FA visits a crafted URL, they are presented with the legitimate Directus 2FA setup page. After completing t...

4.3CVSS5.9AI score0.00256EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/30 2:13 p.m.4 views

CVE-2025-64150

A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

5.4CVSS6.5AI score0.00222EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/29 3:31 p.m.6 views

EUVD-2025-36643

Jenkins Publish to Bitbucket Plugin is missing a permissions check...

5.4CVSS6.3AI score0.00222EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/10/29 3:31 p.m.8 views

Jenkins Themis Plugin vulnerable to cross-site request forgery

Jenkins Themis Plugin 1.4.1 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this endpoint does not require POST requests, resulting in a cross-site request forgery CSRF...

4.3CVSS6.7AI score0.00206EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/10/29 3:31 p.m.4 views

GHSA-93MH-MX9W-M69Q Jenkins Themis Plugin vulnerable to cross-site request forgery

Jenkins Themis Plugin 1.4.1 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this endpoint does not require POST requests, resulting in a cross-site request forgery CSRF...

4.3CVSS6.7AI score0.00206EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/29 3:31 p.m.7 views

EUVD-2025-36656

Jenkins Nexus Task Runner Plugin is missing a permission check...

4.3CVSS6.2AI score0.00227EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/29 3:31 p.m.7 views

EUVD-2025-36657

Jenkins Nexus Task Runner Plugin vulnerable to cross-site request forgery...

4.3CVSS6.3AI score0.0019EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/29 3:31 p.m.7 views

EUVD-2025-36659

Jenkins Start Windocks Containers Plugin is missing a permission check...

4.3CVSS6.2AI score0.00227EPSS
Exploits0References3
NVD
NVD
added 2025/10/29 2:15 p.m.7 views

CVE-2025-64150

A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

5.4CVSS0.00222EPSS
Exploits0References2
NVD
NVD
added 2025/10/29 2:15 p.m.5 views

CVE-2025-64149

A cross-site request forgery CSRF vulnerability in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

5.4CVSS0.00188EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/29 1:29 p.m.8 views

CVE-2025-64150

A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

0.00222EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/29 1:29 p.m.3 views

CVE-2025-64150

A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.2AI score0.00222EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/29 1:29 p.m.3 views

CVE-2025-64149

A cross-site request forgery CSRF vulnerability in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.3AI score0.00188EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/29 1:29 p.m.9 views

CVE-2025-64139

A missing permission check in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

0.00227EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/29 12:0 a.m.11 views

Jenkins Nexus Task Runner Plugin 安全漏洞

Jenkins Nexus Task Runner Plugin is an open source plugin for Jenkins. A security vulnerability exists in Jenkins Nexus Task Runner Plugin version 0.9.2 and earlier, which stems from vulnerability to a cross-site request forgery attack that could result in a connection to an attacker-specified UR...

4.3CVSS6.5AI score0.0019EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/29 12:0 a.m.12 views

PT-2025-44299

Name of the Vulnerable Software and Affected Versions Jenkins Publish to Bitbucket Plugin versions 0.4 and earlier Description A flaw exists where a missing permission check allows attackers possessing Overall/Read permission to establish a connection to a URL specified by the attacker, utilizing...

5.4CVSS6.2AI score0.00222EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-46637

Malicious code in bioql PyPI...

7.1CVSS6.6AI score0.00276EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-2288

Malicious code in bioql PyPI...

8.8CVSS8.5AI score0.00537EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-0346

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.00556EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-3614

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00836EPSS
Exploits0References6
Rows per page
Query Builder