247 matches found

CNNVD
added 2026/03/13 12:0 a.m., 4 views

JumpServer trust management vulnerability

JumpServer is an open-source bastion host provided by JumpServer Technology Co., Ltd. in Hangzhou, China. Versions of JumpServer prior to v4.10.16-lts contained a vulnerability related to trust management. This vulnerability stemmed from improper validation of the custom SMS API client certificat...

CVSS 5, AI score 5.8, EPSS 0.00097
Exploits 0, References 1
Positive Technologies
added 2026/03/13 12:0 a.m., 4 views

PT-2026-25363

JumpServer is an open source bastion host and an operation and maintenance security audit system. A Server-Side Template Injection (SSTI) vulnerability exists in JumpServer's Applet and VirtualApp upload functionality. This vulnerability can only be exploited by users with administrative privileges...

CVSS 6.8, AI score 6.2, EPSS 0.00347
Exploits 0, References 3
RedhatCVE
added 2026/01/09 10:52 a.m., 4 views

CVE-2022-42225

Jumpserver 2.10.0 <= version <= 2.26.0 contains multiple stored XSS vulnerabilities because of improper filtering of user input, which allows arbitrary JavaScript to execute with the admin's permissions...

CVSS 5.4, AI score 6.2, EPSS 0.00735
Exploits 1, References 1
RedhatCVE
added 2026/01/09 9:1 a.m., 6 views

CVE-2023-43650

JumpServer is an open source bastion host. The verification code for resetting a user's password is vulnerable to brute-force attacks due to the absence of rate limiting. JumpServer provides a feature allowing users to reset forgotten passwords. Affected users are sent a 6-digit verification code,...

CVSS 8.2, AI score 7.4, EPSS 0.00505
Exploits 1, References 1
RedhatCVE
added 2026/01/09 9:1 a.m., 17 views

CVE-2023-43651

JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the system. Through the WEB CLI interface provid...

CVSS 9.9, AI score 8.6, EPSS 0.01716
Exploits 1, References 1
RedhatCVE
added 2025/12/11 8:53 p.m., 4 views

CVE-2025-58044

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, the /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability. This...

CVSS 6.9, AI score 6.7, EPSS 0.00442
Exploits 0, References 1
NVD
added 2025/12/01 9:15 p.m., 8 views

CVE-2025-58044

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, the /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability. This...

CVSS 6.9, EPSS 0.00442
Exploits 0, References 2
Vulnrichment
added 2025/12/01 8:17 p.m., 3 views

CVE-2025-58044 JumpServer has an Open Redirect Vulnerability

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, the /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability. This...

CVSS 6.9, AI score 6.4, EPSS 0.00442
Exploits 0, References 2
Cvelist
added 2025/12/01 8:17 p.m., 8 views

CVE-2025-58044 JumpServer has an Open Redirect Vulnerability

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, the /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability. This...

CVSS 6.9, EPSS 0.00442
Exploits 0, References 2
CVE
added 2025/12/01 8:17 p.m., 22 views

CVE-2025-58044

JumpServer contains an Open Redirect vulnerability in the /core/i18n// API where the Referer header is used as a redirection target without proper validation. Affected versions are prior to 3.10.19 and prior to 4.10.5. The issue is fixed in JumpServer v3.10.19 and v4.10.5. Remediation: upgrade to...

CVSS 6.9, AI score 6.4, EPSS 0.00442
Exploits 0, References 2, Affected Software 1
OSV
added 2025/12/01 8:17 p.m., 4 views

CVE-2025-58044 JumpServer has an Open Redirect Vulnerability

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, the /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability. This...

CVSS 6.9, AI score 6.7, EPSS 0.00442
Exploits 0, References 4
CNNVD
added 2025/12/01 12:0 a.m., 4 views

JumpServer input validation error vulnerability

JumpServer is an open-source bastion host from Feizhiyun Information Technology (JumpServer), based in Hangzhou, China. An input validation error vulnerability exists in JumpServer versions prior to v3.10.19 and prior to v4.10.5, which stems from the /core/i18n// endpoint not properly validating the...

CVSS 6.9, AI score 6.5, EPSS 0.00442
Exploits 0, References 3
RedhatCVE
added 2025/10/31 5:14 p.m., 5 views

CVE-2025-62712

JumpServer is an open source bastion host and an operation and maintenance security audit system. In JumpServer versions prior to v3.10.20-lts and v4.10.11-lts, an authenticated, non-privileged user can retrieve connection tokens belonging to other users via the super-connection API endpoint...

CVSS 9.6, AI score 6.7, EPSS 0.00451
Exploits 0, References 1
NVD
added 2025/10/30 5:15 p.m., 9 views

CVE-2025-62795

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.21-lts and v4.10.12-lts, a low-privileged authenticated user can invoke LDAP configuration tests and start LDAP synchronization by sending crafted messages to the /ws/ldap/ WebSocket...

CVSS 7.1, EPSS 0.00238
Exploits 1, References 1
Cvelist
added 2025/10/30 4:56 p.m., 8 views

CVE-2025-62795 JumpServer Unauthorized LDAP Configuration Access via WebSocket

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.21-lts and v4.10.12-lts, a low-privileged authenticated user can invoke LDAP configuration tests and start LDAP synchronization by sending crafted messages to the /ws/ldap/ WebSocket...

CVSS 7.1, EPSS 0.00238
Exploits 1, References 1
Vulnrichment
added 2025/10/30 4:56 p.m., 2 views

CVE-2025-62795 JumpServer Unauthorized LDAP Configuration Access via WebSocket

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.21-lts and v4.10.12-lts, a low-privileged authenticated user can invoke LDAP configuration tests and start LDAP synchronization by sending crafted messages to the /ws/ldap/ WebSocket...

CVSS 7.1, AI score 6.3, EPSS 0.00238
Exploits 1, References 1
OSV
added 2025/10/30 4:56 p.m., 3 views

CVE-2025-62795 JumpServer Unauthorized LDAP Configuration Access via WebSocket

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.21-lts and v4.10.12-lts, a low-privileged authenticated user can invoke LDAP configuration tests and start LDAP synchronization by sending crafted messages to the /ws/ldap/ WebSocket...

CVSS 7.1, AI score 6.7, EPSS 0.00238
Exploits 1, References 3
CVE
added 2025/10/30 4:56 p.m., 33 views

CVE-2025-62795

JumpServer vulnerability CVE-2025-62795 affects JumpServer before v3.10.21-lts and v4.10.12-lts. A low-privileged authenticated user can bypass authorization by sending crafted messages to the /ws/ldap/ WebSocket endpoint, enabling LDAP configuration tests and LDAP synchronization. This could lea...

CVSS 7.1, AI score 6.3, EPSS 0.00238
Exploits 1, References 1, Affected Software 1
NVD
added 2025/10/30 4:15 p.m., 13 views

CVE-2025-62712

JumpServer is an open source bastion host and an operation and maintenance security audit system. In JumpServer versions prior to v3.10.20-lts and v4.10.11-lts, an authenticated, non-privileged user can retrieve connection tokens belonging to other users via the super-connection API endpoint...

CVSS 9.6, EPSS 0.00451
Exploits 0, References 2
Vulnrichment
added 2025/10/30 4:8 p.m., 3 views

CVE-2025-62712 JumpServer Connection Token Leak Vulnerability

JumpServer is an open source bastion host and an operation and maintenance security audit system. In JumpServer versions prior to v3.10.20-lts and v4.10.11-lts, an authenticated, non-privileged user can retrieve connection tokens belonging to other users via the super-connection API endpoint...

CVSS 9.6, AI score 6.3, EPSS 0.00451
Exploits 0, References 2