CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

40 matches found

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-5702

Malicious code in bioql PyPI...

5.4CVSS7AI score0.00289EPSS

Exploits0References6

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2022-4773

Malicious code in bioql PyPI...

5.3CVSS5.6AI score0.00038EPSS

Exploits0References4

RedhatCVE•added 2025/05/23 9:43 a.m.•5 views

CVE-2024-23905

Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

5.4CVSS6.8AI score0.00182EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 4:12 p.m.•6 views

CVE-2020-2214

Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

5.4CVSS6.8AI score0.00121EPSS

Exploits0

RedhatCVE•added 2025/05/22 5:53 a.m.•5 views

CVE-2017-1000105

The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was sufficient...

5.3CVSS6.8AI score0.00038EPSS

Exploits0References1

Veracode•added 2024/06/19 5:58 a.m.•23 views

Path Traversal

ai.djl,api is vulnerable to Path Traversal. The vulnerability is due to absolute path archived artifacts, allowing attackers to insert archived files directly into the system and overwrite system files...

10CVSS6.7AI score0.00288EPSS

Exploits0References3Affected Software1

NVD•added 2024/06/17 8:15 p.m.•18 views

CVE-2024-37902

DeepJavaLibraryDJL is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model...

10CVSS0.00288EPSS

Exploits0References2

CVE•added 2024/06/17 7:25 p.m.•313 views

CVE-2024-37902

Summary: CVE-2024-37902 affects the Java DeepJavaLibrary (DJL) up to version 0.27.0. The root cause is an absolute-path handling flaw in archived artifacts that can insert files directly into the system and overwrite system files. The issue is fixed in DJL v0.28.0 and also patched in the DJL Larg...

10CVSS9.2AI score0.00288EPSS

Exploits0References2

OSV•added 2024/03/06 11:2 a.m.•30 views

BIT-JENKINS-2021-21615

Jenkins LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use TOCTOU race condition...

5.3CVSS5.5AI score0.00375EPSS

Exploits0References3

Prion•added 2024/01/24 6:15 p.m.•21 views

Design/Logic Flaw

4.9CVSS7.1AI score0.00182EPSS

Exploits0References2Affected Software1

Cvelist•added 2024/01/24 5:52 p.m.•19 views

CVE-2024-23905

6.1AI score0.00182EPSS

Exploits0References2

Positive Technologies•added 2024/01/24 12:0 a.m.•3 views

PT-2024-2759 · Red Hat +2 · Jenkins Red Hat Dependency Analytics Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins Red Hat Dependency Analytics Plugin versions 0.7.1 and earlier Description: The issue is related to the lack of Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers...

8CVSS5.8AI score0.00182EPSS

Exploits0References10

SUSE CVE•added 2023/02/15 4:35 a.m.•2 views

SUSE CVE-2017-1000105

5.3CVSS5.3AI score0.00038EPSS

Exploits0References3

NVD•added 2022/10/19 4:15 p.m.•13 views

CVE-2022-43432

Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

4.3CVSS0.01107EPSS

Exploits0References2

Prion•added 2022/10/19 4:15 p.m.•13 views

Design/Logic Flaw

Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

4CVSS4.6AI score0.01107EPSS

Exploits0References2Affected Software1

Prion•added 2022/10/19 4:15 p.m.•14 views

Design/Logic Flaw

Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

5CVSS5.2AI score0.01107EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2022/10/19 12:0 a.m.•4 views

CVE-2022-43433

4.6AI score0.01107EPSS

Exploits0References2

Cvelist•added 2022/10/19 12:0 a.m.•14 views

CVE-2022-43435

Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

5.5AI score0.01497EPSS

Exploits0References2

Positive Technologies•added 2022/10/19 12:0 a.m.•4 views

PT-2022-26918 · Jenkins · Jenkins Neuvector Vulnerability Scanner Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins NeuVector Vulnerability Scanner Plugin versions 1.20 and earlier Description: The issue allows cross-site scripting XSS attacks by users with the ability to control files in workspaces, archived artifacts, etc. This is because the...

8CVSS5AI score0.01107EPSS

Exploits0References7

Vulnrichment•added 2022/10/19 12:0 a.m.•6 views

CVE-2022-43434

5.2AI score0.01107EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by