Lucene search
K

58 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:37 p.m.7 views

CVE-2023-50768

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS6.7AI score0.00447EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:37 p.m.3 views

CVE-2023-50769

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.3CVSS6.7AI score0.00485EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/09/29 12:0 a.m.3 views

Ruckus Wireless ICX Switches Cross-site Scripting and Cross-site Request Forgery (CVE-2023-39905)

A vulnerability in the web-based management interface of the RUCKUS ICX product line could allow a remote attacker to execute XSS and CSRF attacks against the user of the interface. To exploit this vulnerability, an attacker would require the targeted user to click a crafted link that would send ...

5.6AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2020-24972

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Kleopatra component before 3.1.12 and before 20.07.80 for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported...

8.8CVSS7.5AI score0.04719EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/07/25 12:0 a.m.2 views

WordPress plugin Platform 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

9.8CVSS6.5AI score0.01805EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 8:29 a.m.5 views

CVE-2024-5282

The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6.1AI score0.00345EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/04 7:9 a.m.30 views

CVE-2024-13860

The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bbptopictitle’ parameter in all versions up to, and including, 2.8.50 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00227EPSS
Exploits0References1
OSV
OSV
added 2024/06/04 6:15 a.m.5 views

CVE-2024-4750

The buddyboss-platform WordPress plugin before 2.6.0 contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request...

5.3CVSS5.8AI score0.0043EPSS
Exploits2References1
OSV
OSV
added 2023/12/13 6:31 p.m.32 views

GHSA-PHJQ-7XQP-2526 Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability

Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another...

4.2CVSS8.7AI score0.00447EPSS
Exploits0References6
OSV
OSV
added 2023/12/13 6:31 p.m.24 views

GHSA-4G5F-W3MH-W99M Jenkins Nexus Platform Plugin missing permission check

Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another...

4.2CVSS4.9AI score0.00485EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2023/12/13 6:31 p.m.24 views

Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability

Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. Additionally, the plugin does not...

8.8CVSS6.8AI score0.00447EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/13 6:31 p.m.25 views

Jenkins Nexus Platform Plugin missing permission check

Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another...

4.3CVSS6.6AI score0.00485EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/13 6:31 p.m.24 views

Jenkins Nexus Platform Plugin missing permission check

Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. Additionally, the plugin does not...

5.4CVSS6.8AI score0.0044EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2023/12/13 6:31 p.m.29 views

GHSA-9VRM-747R-668V Jenkins Nexus Platform Plugin missing permission check

Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. Additionally, the plugin does not...

7.1CVSS5.8AI score0.0044EPSS
Exploits0References6
OSV
OSV
added 2023/12/13 6:15 p.m.23 views

CVE-2023-50767

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML...

5.4CVSS5.4AI score
Exploits0References2
NVD
NVD
added 2023/12/13 6:15 p.m.26 views

CVE-2023-50769

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.3CVSS0.00485EPSS
Exploits0References2
NVD
NVD
added 2023/12/13 6:15 p.m.31 views

CVE-2023-50768

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS0.00447EPSS
Exploits0References2
OSV
OSV
added 2023/12/13 6:15 p.m.23 views

CVE-2023-50769

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.3CVSS4.6AI score
Exploits0References2
NVD
NVD
added 2023/12/13 6:15 p.m.26 views

CVE-2023-50767

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML...

5.4CVSS0.0044EPSS
Exploits0References2
OSV
OSV
added 2023/12/13 6:15 p.m.16 views

CVE-2023-50766

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML...

8.8CVSS8.7AI score
Exploits0References2
Rows per page
Query Builder