CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server...

9.1CVSS8.1AI score0.058EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 10:38 a.m.•7 views

CVE-2024-52012

Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths t...

5.4CVSS7AI score0.13709EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 3:21 a.m.•12 views

CVE-2023-24457

A cross-site request forgery CSRF vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account...

6.5CVSS6.8AI score0.00088EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:32 p.m.•3 views

CVE-2022-25196

Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in...

5.4CVSS6.7AI score0.00021EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:10 p.m.•6 views

CVE-2022-27206

Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

6.5CVSS6.5AI score0.00079EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 4:14 a.m.•5 views

CVE-2019-10371

A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session...

7.5CVSS6.7AI score0.00055EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 4:14 a.m.•4 views

CVE-2019-10319

A missing permission check in Jenkins PAM Authentication Plugin 1.5 and earlier, except 1.4.1 in PamSecurityRealm.DescriptorImpldoTest allowed users with Overall/Read permission to obtain limited information about the file /etc/shadow and the user Jenkins is running as...

4.3CVSS6.3AI score0.00036EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 4:13 a.m.•4 views

CVE-2019-10372

An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login...

6.1CVSS6.6AI score0.00054EPSS

Exploits0References1

Cvelist•added 2025/05/10 7:31 p.m.•24 views

CVE-2025-4513 Catalyst User Key Authentication Plugin Logout logout.php redirect

A vulnerability classified as problematic was found in Catalyst User Key Authentication Plugin 20220819 on Moodle. Affected by this vulnerability is an unknown functionality of the file /auth/userkey/logout.php of the component Logout. The manipulation of the argument return leads to open redirec...

5.3CVSS0.00219EPSS

Exploits0References4

Positive Technologies•added 2025/05/10 12:0 a.m.•1 views

PT-2025-20639 · Moodle · Catalyst User Key Authentication Plugin

Name of the Vulnerable Software and Affected Versions: Catalyst User Key Authentication Plugin version 20220819 Description: A vulnerability was found in the Catalyst User Key Authentication Plugin on Moodle, affecting an unknown functionality of the file /auth/userkey/logout.php of the component...

5.3CVSS4.4AI score0.00219EPSS

Exploits0References10