Lucene search
K

443 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2014-7956

Malicious code in bioql PyPI...

4.3CVSS6.8AI score0.22016EPSS
Exploits0References29
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-7072

Malicious code in bioql PyPI...

8.1CVSS7AI score0.00228EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-38748

Malicious code in bioql PyPI...

9.8CVSS8.3AI score0.00861EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-45835

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00593EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-24440

Malicious code in bioql PyPI...

4.9CVSS8AI score0.00662EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-23018

Malicious code in bioql PyPI...

4.8CVSS5.4AI score0.00273EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-1569

Malicious code in bioql PyPI...

4.8CVSS5AI score0.00757EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-45781

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.01045EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.6 views

PT-2025-38760

Name of the Vulnerable Software and Affected Versions Creacast Creabox Manager version 4.4.4 Description A critical Remote Code Execution issue exists in Creacast Creabox Manager version 4.4.4. An authenticated attacker can inject arbitrary Lua code into the configuration through the edit.php...

8.8CVSS7.7AI score0.00772EPSS
Exploits1References4
OSV
OSV
added 2025/08/29 3:35 p.m.6 views

CVE-2025-55202 Opencast has a partial path traversal vulnerability in UI config

Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases...

6.9CVSS6.4AI score0.00359EPSS
Exploits0References5
CVE
CVE
added 2025/08/19 7:52 p.m.20 views

CVE-2025-55740

CVE-2025-55740 affects nginx-defender, a WAF/threat-detection system. The vulnerability is a configuration flaw where default credentials in example files (config.yaml and docker-compose.yml) are left unchanged (default_password: change_me_please; GF_SECURITY_ADMIN_PASSWORD=admin123). If exposed ...

6.5CVSS6.9AI score0.00223EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/01 5:40 p.m.5 views

CVE-2025-6000 Arbitrary Remote Code Execution via Plugin Catalog Abuse

A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

9.1CVSS6.9AI score0.00867EPSS
Exploits0References1
CNVD
CNVD
added 2025/07/11 12:0 a.m.3 views

Belkin F9K1122 Command Injection Vulnerability (CNVD-2025-20834)

The Belkin F9K1122 is a WiFi signal extender from Belkin Canada. The Belkin F9K1122 suffers from a command injection vulnerability that originates from a misbehavior of the parameters mwanipaddr/mwannetmask/mwangateway/mwanstaticdns1/mwanstaticdns2 in the file /goform/formSetWanStatic. can be...

8.8CVSS8.2AI score0.15103EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2025/07/09 6:30 p.m.9 views

Jenkins Xooa Plugin vulnerability exposes unencrypted tokens to authenticated users

Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa Deployment Token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

6.5CVSS6.9AI score0.00196EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/07/09 4:15 p.m.39 views

CVE-2025-53743

Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not mask Applitools API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

5.3CVSS0.00252EPSS
Exploits0References2
NVD
NVD
added 2025/07/09 4:15 p.m.7 views

CVE-2025-53667

Jenkins Dead Man's Snitch Plugin 0.1 does not mask Dead Man's Snitch tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

5.3CVSS0.00262EPSS
Exploits0References2
CVE
CVE
added 2025/07/09 3:39 p.m.24 views

CVE-2025-53677

CVE-2025-53677 affects Jenkins Xooa Plugin versions 0.0.7 and earlier. The token is not masked on the global configuration form, enabling potential observation/capture of the Xooa Deployment Token by users with access to the Jenkins controller/file system. Remediation: update to a newer plugin ve...

5.3CVSS6.5AI score0.00252EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/07/09 12:17 a.m.14 views

CVE-2025-43932

JobCenter through 7e7b0b2 allows account takeover via the password reset feature because SERVERNAME is not configured and thus a reset depends on the Host HTTP header...

9.8CVSS6.8AI score0.00341EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/09 12:0 a.m.4 views

PT-2025-28906 · Jenkins · Jenkins Statistics Gatherer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Statistics Gatherer Plugin versions 2.0.3 and earlier Description: The Jenkins Statistics Gatherer Plugin stores the AWS Secret Key unencrypted in its global configuration file...

6.8CVSS5.8AI score0.00354EPSS
Exploits0References10
Cvelist
Cvelist
added 2025/07/07 12:0 a.m.9 views

CVE-2025-43932

JobCenter through 7e7b0b2 allows account takeover via the password reset feature because SERVERNAME is not configured and thus a reset depends on the Host HTTP header...

0.00341EPSS
Exploits0References2
Rows per page
Query Builder