Lucene search

19 matches found

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2012-1642

Malware in sbrugna...

2.1 CVSS · 6.4 AI score · 0.00194 EPSS
Exploits 0 · References 6
Github Security Blog
added 2022/05/24 4:47 p.m. · 21 views

Jenkins ElectricFlow Plugin missing permission check

A missing permission check in a form validation method in CloudBees CD Plugin allowed users with Overall/Read permission to initiate a connection test to an attacker-specified server with attacker-specified username and password. Additionally, the form validation method did not require POST...

4.3 CVSS · 6.7 AI score · 0.00123 EPSS
Exploits 0 · References 5 · Affected Software 1
Github Security Blog
added 2022/05/24 4:47 p.m. · 17 views

Jenkins JX Resources Plugin missing permission check

Jenkins jx-resources Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified Kubernetes server and obtain information about an attacker-specified namespace. Doing so might also le...

8.8 CVSS · 6.3 AI score · 0.00075 EPSS
Exploits 0 · References 6 · Affected Software 1
OSV
added 2022/05/24 4:47 p.m. · 13 views

GHSA-76X4-HR82-CG3M Jenkins ElectricFlow Plugin cross-site request forgery vulnerability

A missing permission check in a form validation method in CloudBees CD Plugin allowed users with Overall/Read permission to initiate a connection test to an attacker-specified server with attacker-specified username and password. Additionally, the form validation method did not require POST...

4.3 CVSS · 4.4 AI score · 0.00207 EPSS
Exploits 0 · References 4
Github Security Blog
added 2022/05/24 4:47 p.m. · 22 views

Jenkins ElectricFlow Plugin cross-site request forgery vulnerability

A missing permission check in a form validation method in CloudBees CD Plugin allowed users with Overall/Read permission to initiate a connection test to an attacker-specified server with attacker-specified username and password. Additionally, the form validation method did not require POST...

4.3 CVSS · 6.7 AI score · 0.00207 EPSS
Exploits 0 · References 5 · Affected Software 1
OSV
added 2022/05/24 4:43 p.m. · 16 views

GHSA-J365-62PX-VJJV Jenkins GitLab Plugin Cross-Site Request Forgery vulnerability

Jenkins GitLab Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored i...

8 CVSS · 7.5 AI score · 0.00084 EPSS
Exploits 0 · References 4
OSV
added 2022/05/14 3:13 a.m. · 19 views

GHSA-92RV-MVMJ-47QH Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...

4.2 CVSS · 6.4 AI score · 0.00094 EPSS
Exploits 0 · References 5
Github Security Blog
added 2022/05/14 3:13 a.m. · 17 views

Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...

6.5 CVSS · 2.7 AI score · 0.00094 EPSS
Exploits 0 · References 5 · Affected Software 1
OSV
added 2022/05/14 1:9 a.m. · 16 views

GHSA-6W3H-VQ7M-V3QF Jenkins Black Duck Detect Plugin information exposure vulnerability

Jenkins Black Duck Detect Plugin did not perform permission checks on methods implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credential...

6.5 CVSS · 6.4 AI score · 0.00094 EPSS
Exploits 0 · References 5
Github Security Blog
added 2022/05/14 1:9 a.m. · 14 views

Jenkins Black Duck Detect Plugin information exposure vulnerability

Jenkins Black Duck Detect Plugin did not perform permission checks on methods implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credential...

6.5 CVSS · 6.7 AI score · 0.00094 EPSS
Exploits 0 · References 5 · Affected Software 1
Positive Technologies
added 2019/06/11 12:0 a.m. · 5 views

PT-2019-11731 · Jenkins +1 · Jenkins Electricflow Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins ElectricFlow Plugin version 1.1.5 and earlier; CloudBees CD Plugin (affected versions not specified). Description: A cross-site request forgery issue allows attackers to connect to a specified URL using specified credentials. This is due ...

4.3 CVSS · 4.3 AI score · 0.00207 EPSS
Exploits 0 · References 8
Positive Technologies
added 2019/04/18 12:0 a.m. · 2 views

PT-2019-11702 · Jenkins · Jenkins Git Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins GitLab Plugin versions 1.5.11 and earlier. Description: A cross-site request forgery issue exists due to insufficient permission checks and form validation in the GitLabConnectionConfig#doTestConnection method. This allows attackers to...

8 CVSS · 7.4 AI score · 0.00084 EPSS
Exploits 0 · References 7
NVD
added 2012/08/14 11:55 p.m. · 15 views

CVE-2012-2076

Cross-site scripting (XSS) vulnerability in the administration forms in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with administer sharethis permissions to inject arbitrary web script or HTML via unspecified vectors...

2.1 CVSS · 5.3 AI score · 0.00259 EPSS
Exploits 0 · References 8
Cvelist
added 2010/05/19 8:0 p.m. · 12 views

CVE-2010-1984

Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 5.x before 5.x-1.5 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the taxonomy term name in a Breadcrumb display...

5.4 AI score · 0.00269 EPSS
Exploits 0 · References 6
NVD
added 2010/04/08 4:30 p.m. · 5 views

CVE-2010-1303

Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node permissions when free tagging is enabled, to inject arbitrary web script or HTML via vocabulary 1...

2.1 CVSS · 5.5 AI score · 0.00165 EPSS
Exploits 0 · References 5
Exploit DB
added 2009/12/16 12:0 a.m. · 27 views

Drupal Module Sections 5.x-1.2/6.x-1.2 - HTML Injection

source: https://www.securityfocus.com/bid/37371/info The Sections module for Drupal is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and...

7.4 AI score
Exploits 0
Prion
added 2009/10/09 2:30 p.m. · 5 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a module for Drupal, allows remote authenticated users, with 'administer content types' permissions, to inject arbitrary web script or HTML via unspecified vectors when displaying content type names...

3.5 CVSS · 5.6 AI score · 0.00111 EPSS
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2009/06/16 7:0 p.m. · 15 views

CVE-2009-2074

Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via vocabulary names...

5.4 AI score · 0.00198 EPSS
Exploits 1 · References 6
securityvulns
added 2009/05/21 12:0 a.m. · 45 views

[Full-disclosure] Drupal 6.12 (core) User Module XSS Vulnerability

Details of this disclosure have been posted at http://lampsecurity.org/drupal-role-xss-vulnerability Vendor Notified: 05/19/09 Vendor Response: Drupal security team responds that this vulnerability has been publicly disclosed since October 2, 2008 and...

5.7 AI score
Exploits 0