6 matches found
EUVD-2026-42012
The uncanny-automator-pro WordPress plugin before 7.3.0.6 was distributed with malicious code after the vendor's uncanny-automator-pro WordPress plugin before 7.3.0.6 update/distribution infrastructure was compromised; the injected backdoor grants unauthenticated attackers an administrator sessio...
EUVD-2026-39561
Two data sources DICOMWebProxy and DICOMJSON shipped in the default configuration fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects the authenticated user's OIDC Bearer token into the resulting requests, sending it to the...
Malicious Package
Overview postingzon is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...
plugin: missing permission checks in Blue Ocean Plugin
Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server...
Magecart Hackers Compromise 80 More eCommerce Sites to Steal Credit Cards
Cybersecurity researchers have discovered over 80 Magecart compromised e-commerce websites that were actively sending credit card information of online shoppers to the attackers-controlled servers. Operating their businesses in the United States, Canada, Europe, Latin America, and Asia, many of...
PT-2019-11681 · Jenkins · Jenkins Jenkins-Reviewbot Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins jenkins-reviewbot Plugin affected versions not specified Description: A missing permission check in the ReviewboardDescriptordoTestConnection form validation method allows attackers with Overall/Read permission to initiate a connectio...