67 matches found
EUVD-2012-5939
Malware in sbrugna...
EUVD-2022-2483
Malicious code in bioql PyPI...
EUVD-2022-2884
Malicious code in bioql PyPI...
EUVD-2022-4224
Malicious code in bioql PyPI...
DRUPAL-CONTRIB-2025-109
This module enables you to add Umami Analytics web statistics tracking system to your website. The "administer umami analytics" permission allows inserting an arbitrary JavaScript file on every page. While this is an expected feature, the permission lacks the "restrict access" flag, which should...
CVE-2020-2137
Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML formatting of its output, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission...
Piwik PRO - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-058
This module enables you to add the Piwik Pro web statistics tracking system to your website. The module does not check the JS code that is loaded on the website. So a user with the "Administer Piwik Pro" permission could configure the module to load JS from a malicious website. This vulnerability...
Jenkins NeuVector Vulnerability Scanner Plugin Cross-Site Request Forgery vulnerability
Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...
Jenkins Build Failure Analyzer Plugin missing permission check
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. Additionally, th...
Jenkins SAML Single Sign On(SSO) Plugin missing permission check
Jenkins SAML Single Sign On(SSO) Plugin 2.3.0 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to download a string representation of the current security realm Java Object (toString), which potentially includes sensitive...
DRUPAL-CONTRIB-2023-029
This module enables sites to comply with the European cookie law using tarteaucitron.js. The module doesn't sufficiently filter user-supplied text, leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker needs additional permissions. The...
SUSE CVE-2014-2068
The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump...
CVE-2022-45383
An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fabd860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission...
Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-Site Request Forgery
A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. Version 4.8.0.130 requires POST requests and Overall/Administer...
GHSA-JJCH-7G85-4M72 Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-Site Request Forgery
A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. Version 4.8.0.130 requires POST requests and Overall/Administer...
PT-2022-25742 · Jenkins · Jenkins Ns-Nd Integration Performance Publisher Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins NS-ND Integration Performance Publisher Plugin versions 4.8.0.129 and earlier. Description: A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified webserver using attacker-specified...
Incorrect Authorization in Jenkins requests-plugin
An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests. requests-plugin Plugin 2.2.17 requires Overall/Administer permission to view the list of pending requests. This is basically the...
CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin allows capturing credentials
A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins...
GHSA-HX53-635R-VMV8 Missing permission checks in Jenkins Chaos Monkey Plugin
Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint. This allows attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions. Jenkins Chaos Monkey Plugin 0.4.1 requires Overall/Administer permission to...
GHSA-MR75-899X-QCXQ Missing permission checks in Jenkins Chaos Monkey Plugin
Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to generate load and to generate memory leaks. Jenkins Chaos Monkey Plugin 0.4 requires Overall/Administer permission to generate load and t...