CVE-2019-16551

A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials...

CVE-2025-64149

CVE-2025-64149 involves the Jenkins Publish to Bitbucket Plugin (versions 0.4 and earlier) with a CSRF vulnerability via an HTTP endpoint. An attacker with Overall/Read permission can initiate requests to an attacker-controlled URL using credentials IDs obtained through other means, potentially c...

EUVD-2023-0432

Malicious code in bioql PyPI...

EUVD-2022-0766

Malicious code in bioql PyPI...

EUVD-2022-0998

Malicious code in bioql PyPI...

EUVD-2022-7681

Malicious code in bioql PyPI...

EUVD-2022-1207

Malicious code in bioql PyPI...

EUVD-2022-3396

Malicious code in bioql PyPI...

EUVD-2023-2429

Malicious code in bioql PyPI...

EUVD-2022-0982

Malicious code in bioql PyPI...

EUVD-2022-0524

Malicious code in bioql PyPI...

EUVD-2023-1523

Malicious code in bioql PyPI...

CVE-2023-41946

A cross-site request forgery CSRF vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the attacker-specified...

CVE-2022-41228

A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials...

CVE-2022-34797

A cross-site request forgery CSRF vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials...

CVE-2022-25195

A missing permission check in Jenkins autonomiq Plugin 1.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

CVE-2018-1999039

A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials...

CVE-2019-10332

A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and earlier in ConfigurationdoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials...

CVE-2023-41946

A cross-site request forgery CSRF vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the attacker-specified...

CVE-2023-41946

A cross-site request forgery CSRF vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the attacker-specified...