23 matches found
EUVD-2025-9525
Malicious code in bioql PyPI...
EUVD-2025-14890
Malicious code in bioql PyPI...
CVE-2025-47887
Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...
GHSA-5W52-96JJ-FV59 Jenkins Cadence vManager Plugin Vulnerable to Cross-Site Request Forgery
A cross-site request forgery CSRF vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...
GHSA-RF73-97J8-9VQH Jenkins Cadence vManager Plugin is Missing Permission Checks
Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...
CVE-2025-47887
Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...
CVE-2025-47886
A cross-site request forgery CSRF vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...
CVE-2025-47887
Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...
CVE-2025-47886
A cross-site request forgery CSRF vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...
CVE-2025-47887
Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...
CVE-2025-47887
CVE-2025-47887 concerns the Jenkins Cadence vManager Plugin. The root cause is missing permission checks in form validation methods, enabling attackers with Overall/Read to make the plugin connect to an attacker-specified URL using attacker-specified credentials. This also implies a CSRF risk sin...
CVE-2025-47887
Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...
CVE-2025-47886
The CVE-2025-47886 entry concerns Jenkins Cadence vManager Plugin, affected in versions up to 4.0.1-286.v9e25a_740b_a_48 and earlier. The underlying issue is missing permission checks in form validation methods, enabling CSRF and allowing an attacker with Overall/Read to cause a request to an att...
CVE-2025-47886
A cross-site request forgery CSRF vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...
PT-2025-21239 · Jenkins · Jenkins Cadence Vmanager Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Cadence vManager Plugin versions 4.0.1-286.v9e25a 740b a 48 and earlier Description: A cross-site request forgery CSRF issue allows attackers to connect to an attacker-specified URL using an attacker-specified username and password...
Jenkins Cadence vManager Plugin Stores Verisium Manager vAPI keys Unencrypted
Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins...
CVE-2025-31724
Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
CVE-2025-31724
Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
CVE-2025-31724
The CVE-2025-31724 issue affects the Jenkins Cadence vManager Plugin (versions up to 4.0.0-282.v5096a_c2db_275 and earlier). The root cause is unencrypted storage of Verisium Manager vAPI keys in job config.xml files on the Jenkins controller, exposing keys to users with Extended Read permission ...
CVE-2025-31724
Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...