Lucene search
+L

23 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-9525

Malicious code in bioql PyPI...

4.3CVSS6.3AI score0.00302EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-14890

Malicious code in bioql PyPI...

4.3CVSS6.3AI score0.00224EPSS
Exploits0References4
redhatcve
redhatcve
added 2025/05/16 9:20 p.m.18 views

CVE-2025-47887

Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...

4.3CVSS6.7AI score0.00292EPSS
Exploits0References1
osv
osv
added 2025/05/14 9:31 p.m.8 views

GHSA-5W52-96JJ-FV59 Jenkins Cadence vManager Plugin Vulnerable to Cross-Site Request Forgery

A cross-site request forgery CSRF vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...

4.3CVSS6.7AI score0.00224EPSS
Exploits0References5
osv
osv
added 2025/05/14 9:31 p.m.8 views

GHSA-RF73-97J8-9VQH Jenkins Cadence vManager Plugin is Missing Permission Checks

Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...

4.3CVSS6.5AI score0.00292EPSS
Exploits0References5
osv
osv
added 2025/05/14 9:15 p.m.2 views

CVE-2025-47887

Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...

4.3CVSS6.9AI score
Exploits0References1
nvd
nvd
added 2025/05/14 9:15 p.m.32 views

CVE-2025-47886

A cross-site request forgery CSRF vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...

4.3CVSS0.00224EPSS
Exploits0References1
nvd
nvd
added 2025/05/14 9:15 p.m.14 views

CVE-2025-47887

Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...

4.3CVSS0.00292EPSS
Exploits0References1
osv
osv
added 2025/05/14 9:15 p.m.3 views

CVE-2025-47886

A cross-site request forgery CSRF vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...

4.3CVSS7AI score
Exploits0References1
cvelist
cvelist
added 2025/05/14 8:35 p.m.25 views

CVE-2025-47887

Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...

0.00292EPSS
Exploits0References1
cve
cve
added 2025/05/14 8:35 p.m.51 views

CVE-2025-47887

CVE-2025-47887 concerns the Jenkins Cadence vManager Plugin. The root cause is missing permission checks in form validation methods, enabling attackers with Overall/Read to make the plugin connect to an attacker-specified URL using attacker-specified credentials. This also implies a CSRF risk sin...

4.3CVSS6.9AI score0.00292EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2025/05/14 8:35 p.m.7 views

CVE-2025-47887

Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...

6.7AI score0.00292EPSS
Exploits0References1
cve
cve
added 2025/05/14 8:35 p.m.53 views

CVE-2025-47886

The CVE-2025-47886 entry concerns Jenkins Cadence vManager Plugin, affected in versions up to 4.0.1-286.v9e25a_740b_a_48 and earlier. The underlying issue is missing permission checks in form validation methods, enabling CSRF and allowing an attacker with Overall/Read to cause a request to an att...

4.3CVSS7.1AI score0.00224EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2025/05/14 8:35 p.m.30 views

CVE-2025-47886

A cross-site request forgery CSRF vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...

0.00224EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/05/14 12:0 a.m.7 views

PT-2025-21239 · Jenkins · Jenkins Cadence Vmanager Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Cadence vManager Plugin versions 4.0.1-286.v9e25a 740b a 48 and earlier Description: A cross-site request forgery CSRF issue allows attackers to connect to an attacker-specified URL using an attacker-specified username and password...

4.3CVSS6.2AI score0.00224EPSS
Exploits0References11
github
github
added 2025/04/02 3:31 p.m.33 views

Jenkins Cadence vManager Plugin Stores Verisium Manager vAPI keys Unencrypted

Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins...

4.3CVSS6.9AI score0.00302EPSS
Exploits0References4Affected Software1
nvd
nvd
added 2025/04/02 3:15 p.m.19 views

CVE-2025-31724

Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

4.3CVSS0.00302EPSS
Exploits0References1
osv
osv
added 2025/04/02 3:15 p.m.10 views

CVE-2025-31724

Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

4.3CVSS6.6AI score
Exploits0References1
cve
cve
added 2025/04/02 2:59 p.m.73 views

CVE-2025-31724

The CVE-2025-31724 issue affects the Jenkins Cadence vManager Plugin (versions up to 4.0.0-282.v5096a_c2db_275 and earlier). The root cause is unencrypted storage of Verisium Manager vAPI keys in job config.xml files on the Jenkins controller, exposing keys to users with Extended Read permission ...

4.3CVSS7AI score0.00302EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2025/04/02 2:59 p.m.13 views

CVE-2025-31724

Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

7AI score0.00302EPSS
Exploits0References1
Rows per page
Query Builder