Jenkins Simple Queue Plugin Cross-Site Request Forgery (CSRF)

Jenkins Simple Queue Plugin 1.4.6 and earlier does not require POST requests for multiple HTTP endpoints, resulting in cross-site request forgery CSRF vulnerabilities. These vulnerabilities allow attackers to change and reset the build queue order. Simple Queue Plugin 1.4.7 requires POST requests...

CVE-2025-31723

A cross-site request forgery CSRF vulnerability in Jenkins Simple Queue Plugin 1.4.6 and earlier allows attackers to change and reset the build queue order...

CVE-2025-31723

A cross-site request forgery CSRF vulnerability in Jenkins Simple Queue Plugin 1.4.6 and earlier allows attackers to change and reset the build queue order...

CVE-2025-31723

A cross-site request forgery CSRF vulnerability in Jenkins Simple Queue Plugin 1.4.6 and earlier allows attackers to change and reset the build queue order...

CVE-2025-31723

A cross-site request forgery CSRF vulnerability in Jenkins Simple Queue Plugin 1.4.6 and earlier allows attackers to change and reset the build queue order...

CVE-2025-31723

The CVE-2025-31723 issue affects Jenkins Simple Queue Plugin 1.4.6 and earlier. A Cross-Site Request Forgery (CSRF) vulnerability lets an attacker change and reset the build queue order via forged HTTP requests. Exploitation is described in SNYK as feasible only when CSRF protection is disabled i...

SUSE CVE-2025-21919

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix potential memory corruption in childcfsrqonlist childcfsrqonlist attempts to convert a 'prev' pointer to a cfsrq. This 'prev' pointer can originate from struct rq's leafcfsrqlist, making the conversion invalid and...

kernel: use-after-free in cec_queue_msg_fh

A vulnerability was found in the Linux kernel. A use-after-free exists in cecqueuemsgfh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c...

Malicious code in @hongfangze/mq (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 32be147fdc6ce87ca5422a92c79a9d1fe7e891ec5e55768e935355ede80f4e4e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

PT-2025-14513 · Jenkins · Jenkins Simple Queue Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Simple Queue Plugin versions 1.4.6 and earlier Description: A cross-site request forgery CSRF issue allows attackers to change and reset the build queue order. Recommendations: For Jenkins Simple Queue Plugin versions 1.4.6 and earlie...

Jenkins plugin Simple Queue 跨站请求伪造漏洞

Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A cross-site reque...

PT-2025-25848

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been identified, specifically in the vhost-scsi completion path. The issue arises when the vhost-scsi completion path accesses vq-log base while...

DEBIAN-CVE-2025-21974

In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: return fail if interface is down in bnxtqueuememalloc The bnxtqueuememalloc is called to allocate new queue memory when a queue is restarted. It internally accesses rx buffer descriptor corresponding to the index. The ...

DEBIAN-CVE-2025-21969

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2capsendcmd After the hci sync command releases l2capconn, the hci receive data work queue references the released l2capconn when sending to the upper layer. Add hci dev lock to...

CVE-2025-21969

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2capsendcmd After the hci sync command releases l2capconn, the hci receive data work queue references the released l2capconn when sending to the upper layer. Add hci dev lock to...

DEBIAN-CVE-2025-21973

In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix kernel panic in the bnxtgetqueuestatsrx | tx When qstats-get operation is executed, callbacks of netdevstatsops are called. The bnxtgetqueuestatsrx | tx collect per-queue stats from swstats in the rings. But rx | t...

AZL-60251 CVE-2025-21969 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2capsendcmd After the hci sync command releases l2capconn, the hci receive data work queue references the released l2capconn when sending to the upper layer. Add hci dev lock to...

CVE-2025-21940

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix NULL Pointer Dereference in KFD queue Through KFD IOCTL Fuzzing we encountered a NULL pointer derefrence when calling kfdqueueacquirebuffers. cherry picked from commit 049e5bf3c8406f87c3d8e1958e0a16804fa1d530...

DEBIAN-CVE-2025-21925

In the Linux kernel, the following vulnerability has been resolved: llc: do not use skbget before devqueuexmit syzbot is able to crash hosts 1, using llc and devices not supporting IFFTXSKBSHARING. In this case, e1000 driver calls ethskbpad, while the skb is shared. Simply replace skbget by...

CVE-2025-21911

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: avoid deadlock on fence release Do scheduler queue fence release processing on a workqueue, rather than in the release function itself. Fixes deadlock issues such as the following: 607.400437...