CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/05/27 2:13 p.m.•4 views

CVE-2026-48923

5.8AI score0.00021EPSS

EUVD•added 2026/05/27 2:13 p.m.•5 views

EUVD-2026-32514

Cvelist•added 2026/05/27 2:13 p.m.•33 views

CVE-2026-48923

0.00021EPSS

CVE•added 2026/05/27 2:13 p.m.•9 views

CVE-2026-48923

Jenkins AppSpider Plugin 1.0.17 and earlier is affected by a permission-check bypass in a form-validation method. The issue allows attackers with Overall/Read permissions to connect to an attacker-specified URL, enabling potential external requests from the plugin context. The affected component ...

Exploits0References1Affected Software1

Positive Technologies•added 2026/05/27 12:0 a.m.•4 views

PT-2026-44016

Name of the Vulnerable Software and Affected Versions Jenkins AppSpider Plugin versions prior to 1.0.18 Description A missing permission check in a method implementing form validation allows users with Overall/Read permissions to trigger a connection to an attacker-specified URL. Recommendations...

CNNVD•added 2026/05/27 12:0 a.m.•5 views

Jenkins AppSpider Plugin 安全漏洞

The Jenkins AppSpider Plugin is an open-source Jenkins application security scanning integration plugin. The Jenkins AppSpider Plugin versions 1.0.17 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of permission checks in the method responsible for form...

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-1048

Malicious code in bioql PyPI...

4.3CVSS6.4AI score0.00052EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-1628

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.00037EPSS

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-5198

Malicious code in bioql PyPI...

5.5CVSS5.7AI score0.00011EPSS

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-1446

Malicious code in bioql PyPI...

4.3CVSS5AI score0.00116EPSS

RedhatCVE•added 2025/05/23 9:55 a.m.•5 views

CVE-2024-28155

Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names...

4.3CVSS6.3AI score0.00052EPSS

RedhatCVE•added 2025/05/23 3:51 a.m.•3 views

CVE-2023-32999

A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials...

4.3CVSS6.5AI score0.00116EPSS

RedhatCVE•added 2025/05/23 3:51 a.m.•5 views

CVE-2023-32998

A cross-site request forgery CSRF vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials...

8.8CVSS6.7AI score0.00037EPSS