SUSE CVE-2026-44933

PluginScript attempts to chroot the plugin to the repoManagerRoot, this root is frequently / the system root in standard configurations or when using --root. If the chroot target is /, it is a no-op, allowing the traversed path to execute host binaries like /bin/bash with root privileges...

UBUNTU-CVE-2026-44933

PluginScript attempts to chroot the plugin to the repoManagerRoot, this root is frequently / the system root in standard configurations or when using --root. If the chroot target is /, it is a no-op, allowing the traversed path to execute host binaries like /bin/bash with root privileges...

CVE-2026-44933

PluginScript attempts to chroot the plugin to the repoManagerRoot, this root is frequently / the system root in standard configurations or when using --root. If the chroot target is /, it is a no-op, allowing the traversed path to execute host binaries like /bin/bash with root privileges...

CVE-2026-44933

PluginScript attempts to chroot the plugin to the repoManagerRoot, this root is frequently / the system root in standard configurations or when using --root. If the chroot target is /, it is a no-op, allowing the traversed path to execute host binaries like /bin/bash with root privileges...

EUVD-2026-31074

PluginScript attempts to chroot the plugin to the repoManagerRoot, this root is frequently / the system root in standard configurations or when using --root. If the chroot target is /, it is a no-op, allowing the traversed path to execute host binaries like /bin/bash with root privileges...

CVE-2026-33681 AVideo has Path Traversal in pluginRunDatabaseScript.json.php Enables Arbitrary SQL File Execution via Unsanitized Plugin Name

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/pluginRunDatabaseScript.json.php endpoint accepts a name parameter via POST and passes it to Plugin::getDatabaseFileName without any path traversal sanitization. This allows an authenticated admin or a...

GHSA-RWR8-XRPW-9QF5 solspace/craft-freeform Exposed to Known Axios Vulnerabilities via Precompiled Assets

Summary The latest versions of both 4.x and 5.x are using Axios versions 1.7.5 and as such are subject to known vulnerabilities as per: https://security.snyk.io/package/npm/axios Details We've had this flagged up in a pen test, which indicates the issue stems from this script: /freeform/plugin.js...

CVE-2022-31062

Impact A plugin public script can be used to read content of system files. Patches Upgrade to version 1.0.2. Workarounds b/deploy/index.php file can be deleted if deploy feature is not used...

Malicious code in cli-plugin-script (npm)

The package cli-plugin-script was found to contain malicious code...

MAL-2025-17115 Malicious code in cli-plugin-script (npm)

The package cli-plugin-script was found to contain malicious code...

Jenkins Plugin Script Security 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application software ... A security vulnerabili...

Jenkins Plugin Script Security 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application software ... A security vulnerabili...

Jenkins Plugin Script Security 操作系统命令注入漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

Jenkins Plugin Script Security 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

Jenkins Plugin Script Security 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

Security feature bypass

Impact A plugin public script can be used to read content of system files. Patches Upgrade to version 1.0.2. Workarounds b/deploy/index.php file can be deleted if deploy feature is not used...

CVE-2022-31062 Unauthenticated Local File Inclusion

Impact A plugin public script can be used to read content of system files. Patches Upgrade to version 1.0.2. Workarounds b/deploy/index.php file can be deleted if deploy feature is not used...

PT-2021-20707 · Glpi +1 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPi version 9.5.4 Description: The issue allows for the insertion of XSS into plugins, enabling the execution of JavaScript code due to the lack of metadata sanitization. Recommendations: For GLPi version 9.5.4, update to a version that...

@chat21/chat21-server (>=0.1.0 <=0.2.54), @coaty/core (>=2.0.0 <=2.0.1) +21 more potentially affected by CVE-2020-13410 via aedes (>=0.11.1 <=0.41.0)

aedes NPM version =0.11.1, =0.1.0, =2.0.0, =2.0.101, =0.0.6, =1.6.0, =1.0.0, =0.1.0, =0.4.9-v, =0.0.1, =0.5.1, =0.0.1, =2.2.7, =1.0.2, =0.2.0, =0.2.1 and more Source cves: CVE-2020-13410 Source advisory: OSV:GHSA-GH78-48H3-FRJQ...

Jenkins Plugin Script Security 1.49Declarative 1.3.4Groovy 2.60 - Remote Code Execution

Jenkins Plugin Script Security 1.49Declarative 1.3.4Groovy 2.60 - Remote Code Execution !/usr/bin/env python Exploit Title : jenkins-preauth-rce-exploit.py Date : 02/23/2019 Authors : wetw0rk & 0xtavian Vendor Homepage : https://jenkins.oi Software Link : https://jenkins.io/download/ Tested on :...