Lucene search

82 matches found

RedhatCVE
added 2026/03/26 3:1 p.m., 2 views

CVE-2026-33166

Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file -result.json,...

CVSS 8.6 | AI score 6 | EPSS 0.00028
Exploits: 1 | References: 1
NVD
added 2026/03/20 10:16 p.m., 2 views

CVE-2026-33166

Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file -result.json,...

CVSS 8.6 | EPSS 0.00028
Exploits: 1 | References: 1
OSV
added 2026/03/20 9:38 p.m., 1 view

CVE-2026-33166 Allure Report has an Arbitrary File Read via Path Traversal in Attachment Processing (Allure 1, Allure 2, and XCTest Readers)

Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file -result.json,...

CVSS 8.6 | AI score 6.1 | EPSS 0.00028
Exploits: 1 | References: 3
ATTACKERKB
added 2026/03/20 9:38 p.m., 1 view

CVE-2026-33166

Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file -result.json,...

CVSS 8.6 | AI score 6 | EPSS 0.00028
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2026/03/20 9:38 p.m., 4 views

CVE-2026-33166

CVE-2026-33166 (Allure Report path traversal): Allure 2.x prior to 2.38.0 is vulnerable to arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file (-result.json, -container.json, or .plist) that points an attachment source to a sensitive ...

CVSS 8.6 | AI score 6 | EPSS 0.00028
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2026/03/20 9:38 p.m., 19 views

CVE-2026-33166 Allure Report has an Arbitrary File Read via Path Traversal in Attachment Processing (Allure 1, Allure 2, and XCTest Readers)

Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file -result.json,...

CVSS 8.6 | EPSS 0.00028
Exploits: 1 | References: 1
CNNVD
added 2026/03/20 12:0 a.m., 2 views

Allure Report Path Traversal Vulnerability

Allure Report is a flexible and lightweight multi-language test report tool developed under the Allure Framework. Versions of Allure Report prior to 2.38.0 contained a path traversal vulnerability. This vulnerability stemmed from issues with path traversal during the processing of test results,...

CVSS 8.6 | AI score 5.9 | EPSS 0.00028
Exploits: 1 | References: 1
NVD
added 2025/10/15 9:15 a.m., 3 views

CVE-2025-11196

The External Login plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.11.2 due to the 'exlogtestconnection' AJAX action lacking capability checks or nonce validation. This makes it possible for authenticated attackers, with subscriber-leve...

CVSS 4.3 | EPSS 0.00047
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-21325

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.00634
Exploits: 1 | References: 2
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-2071

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.00128
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-7055

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.5 | EPSS 0.01041
Exploits: 0 | References: 4
Microsoft CVE
added 2025/10/02 6:11 a.m., 2 views

Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.

...

CVSS 5.4 | AI score 7 | EPSS 0.43618
Exploits: 0
OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 2 views

Malicious code in @crimson-team/test-results-notifier (npm)

The package @crimson-team/test-results-notifier was found to contain malicious code...

AI score 7
Exploits: 0
OSV
added 2025/08/14 6:52 p.m., 1 view

MAL-2025-7739 Malicious code in @crimson-team/test-results-notifier (npm)

The package @crimson-team/test-results-notifier was found to contain malicious code...

AI score 7.2
Exploits: 0
CNNVD
added 2025/07/23 12:0 a.m., 1 view

Apache HTTP Server Security Vulnerability

Apache HTTP Server is an open source web server from the Apache Foundation USA. The server is fast, reliable, and extensible through a simple API. A security vulnerability exists in Apache HTTP Server version 2.4.64, which stems from a RewriteCond expression evaluation error that could cause all...

CVSS 6.3 | AI score 7.4 | EPSS 0.00924
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/23 4:5 a.m., 9 views

CVE-2023-37956

A missing permission check in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

CVSS 6.5 | AI score 6.6 | EPSS 0.00128
Exploits: 0
Tenable Nessus
added 2025/04/23 12:0 a.m., 4 views

CBL Mariner 2.0 Security Update: graphviz (CVE-2023-46045)

The version of graphviz installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-46045 advisory. - Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE:...

CVSS 7.8 | AI score 7.3 | EPSS 0.00043
Exploits: 1 | References: 2
Citrix
added 2023/09/20 12:0 a.m., 4 views

How the passProtocolUpgrade parameter works

This article illustrates how passProtocolUpgrade works with detailed test results...

AI score 7.1
Exploits: 0
Github Security Blog
added 2023/07/12 6:30 p.m., 19 views

Jenkins Test Results Aggregator Plugin missing permission check

Jenkins Test Results Aggregator Plugin 1.2.13 and earlier does not perform a permission check in an HTTP endpoint implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. Additionally,...

CVSS 6.5 | AI score 6.6 | EPSS 0.00128
Exploits: 0 | References: 4 | Affected Software: 1
Github Security Blog
added 2023/07/12 6:30 p.m., 24 views

Jenkins Test Results Aggregator Plugin vulnerable to Cross Site Request Forgery

Jenkins Test Results Aggregator Plugin 1.2.13 and earlier does not perform a permission check in an HTTP endpoint implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. Additionally,...

CVSS 6.5 | AI score 6.6 | EPSS 0.00058
Exploits: 0 | References: 5 | Affected Software: 1