207 matches found
CVE-2025-14813 vulnerabilities
Vulnerabilities for packages: sonarqube...
GHSA-574F-3G2M-X479 vulnerabilities
Vulnerabilities for packages: sonarqube...
GHSA-574F-3G2M-X479 vulnerabilities
Vulnerabilities for packages: sonarqube...
CVE-2025-14813 vulnerabilities
Vulnerabilities for packages: sonarqube...
SonarQube - Authentication Bypass
SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. id: CVE-2020-27986 info: name: SonarQube - Authentication Bypass author: pikpikcu severity: high description: | SonarQube 8.4.2.36762 allows remote attackers to...
CLEANSTART-2026-QW49365 Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) causing a persistent denial o...
Multiple security vulnerabilities affect the sonarqube package. Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation CAPEC-130 causing a persistent denial of service OOM crash via submission of...
CVE-2026-3816
A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function inputzip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploi...
EUVD-2026-10325
A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function inputzip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploi...
CVE-2026-3816
A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function inputzip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploi...
CVE-2026-3816
A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function inputzip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploi...
CVE-2026-3816 OWASP DefectDojo SonarQubeParser/MSDefenderParser parser.py input_zip.read denial of service
A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function inputzip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploi...
CVE-2026-3816 OWASP DefectDojo SonarQubeParser/MSDefenderParser parser.py input_zip.read denial of service
A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function inputzip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploi...
CVE-2026-3816
The CVE-2026-3816 affects OWASP DefectDojo
CVE-2020-37020
SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest system privileges...
CVE-2020-37020 SonarQube 8.3.1 - Unquoted Service Path
SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest system privileges...
CVE-2020-37020
SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest system privileges...
CVE-2020-37020
CVE-2020-37020 affects SonarQube 8.3.1 and describes an unquoted service path vulnerability in the service executable path. According to the provided description, local attackers can gain SYSTEM privileges by exploiting this path vulnerability: they replace the wrapper.exe in the service path wit...
CVE-2020-37020 SonarQube 8.3.1 - Unquoted Service Path
SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest system privileges...
EUVD-2020-30923
SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest system privileges...
PT-2026-5293
SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest system privileges...