141 matches found
Directus: Open Redirect in Admin 2FA Setup Page
Summary Directus is vulnerable to an Open Redirect via the redirect query parameter on the /admin/tfa-setup page. When an administrator who has not yet configured Two-Factor Authentication 2FA visits a crafted URL, they are presented with the legitimate Directus 2FA setup page. After completing t...
CVE-2025-64150
A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
EUVD-2025-36643
Jenkins Publish to Bitbucket Plugin is missing a permissions check...
Jenkins Themis Plugin vulnerable to cross-site request forgery
Jenkins Themis Plugin 1.4.1 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this endpoint does not require POST requests, resulting in a cross-site request forgery CSRF...
GHSA-93MH-MX9W-M69Q Jenkins Themis Plugin vulnerable to cross-site request forgery
Jenkins Themis Plugin 1.4.1 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this endpoint does not require POST requests, resulting in a cross-site request forgery CSRF...
EUVD-2025-36656
Jenkins Nexus Task Runner Plugin is missing a permission check...
EUVD-2025-36657
Jenkins Nexus Task Runner Plugin vulnerable to cross-site request forgery...
EUVD-2025-36659
Jenkins Start Windocks Containers Plugin is missing a permission check...
CVE-2025-64150
A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2025-64149
A cross-site request forgery CSRF vulnerability in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2025-64150
A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2025-64150
A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2025-64149
A cross-site request forgery CSRF vulnerability in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2025-64139
A missing permission check in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
Jenkins Nexus Task Runner Plugin 安全漏洞
Jenkins Nexus Task Runner Plugin is an open source plugin for Jenkins. A security vulnerability exists in Jenkins Nexus Task Runner Plugin version 0.9.2 and earlier, which stems from vulnerability to a cross-site request forgery attack that could result in a connection to an attacker-specified UR...
PT-2025-44299
Name of the Vulnerable Software and Affected Versions Jenkins Publish to Bitbucket Plugin versions 0.4 and earlier Description A flaw exists where a missing permission check allows attackers possessing Overall/Read permission to establish a connection to a URL specified by the attacker, utilizing...
EUVD-2024-46637
Malicious code in bioql PyPI...
EUVD-2023-2288
Malicious code in bioql PyPI...
EUVD-2023-0346
Malicious code in bioql PyPI...
EUVD-2022-3614
Malicious code in bioql PyPI...