CVE-2026-39368

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the Live restream log callback flow accepted an attacker-controlled restreamerURL and later fetched that stored URL server-side, enabling stored SSRF for authenticated streamers. The vulnerable flow allowed a low-privilege...

CVE-2025-64138

A cross-site request forgery CSRF vulnerability in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL...

Jenkins Plugin Test Results Aggregator 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. Jenkins Plugin Test Resul...

PT-2022-4022 · Jenkins · Jenkins Coverity Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Coverity Plugin versions 1.11.4 and earlier Description: The issue is related to a missing permission check in the Jenkins Coverity Plugin, which can be exploited by attackers with Overall/Read permission to connect to an...

CVE-2022-34208

A missing permission check in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

CVE-2019-18345

A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the user is an...

Cross site scripting

A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the user is an...

PT-2019-11858 · Jenkins · Jenkins Deploy Weblogic Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Deploy WebLogic Plugin affected versions not specified Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials or determine whether a file or...

CVE-2018-0356

A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are...

jenkins-plugin-git: CSRF vulnerability allows capturing credentials (SECURITY-528)

The Git Plugin can leak credentials username and password used to access a git repo if an attacker-supplied URL is provided to the plugin. To supply the URL to the plugin, the attacker would need to guess a username/password ID and then trick a developer into following a specific URL...