Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2026-1738)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1738 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...

PT-2025-21238 · Cloudbees +1 · Jenkins Health Advisor By Cloudbees Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Health Advisor by CloudBees Plugin versions 374.v194b d4f0c8c8 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability. This occurs because the plugin does not escape responses from the Jenkins...

WordPress Plugin All-in-One WP Migration 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

Email Encoder < 2.1.2 - Reflected Cross Site Scripting

The plugin has an endpoint that requires no authentication and will render a user supplied value in the HTML response without escaping or sanitizing the data. PoC The vulnerable function is nonce protected, the nonce can be found in the site's HTML source by searching for the javascript variable...

CVE-2021-21613

Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS service responses, resulting in a cross-site scripting XSS vulnerability exploitable by attackers able to control TICS service response content...