
20 matches found

EUVD
added 2026/05/08 6:32 a.m. | 8 views

EUVD-2024-55569

A Command Injection issue in the payload build page in BYOB (Build Your Own Botnet) 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py...

CVSS 7.3 | AI score 6.1 | EPSS 0.03891
Exploits: 3 | References: 4

NVD
added 2026/05/08 6:16 a.m. | 22 views

CVE-2024-45257

A Command Injection issue in the payload build page in BYOB (Build Your Own Botnet) 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py...

CVSS 7.3 | EPSS 0.03891
Exploits: 3 | References: 3

ATTACKERKB
added 2026/05/08 12:0 a.m. | 7 views

CVE-2024-45257

A Command Injection issue in the payload build page in BYOB (Build Your Own Botnet) 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py...

AI score 7.6 | EPSS 0.03891
Exploits: 3 | References: 5

Cvelist
added 2026/05/08 12:0 a.m. | 214 views

CVE-2024-45257

A Command Injection issue in the payload build page in BYOB (Build Your Own Botnet) 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py...

EPSS 0.03891
Exploits: 3 | References: 3

Vulnrichment
added 2026/05/08 12:0 a.m. | 6 views

CVE-2024-45257

A Command Injection issue in the payload build page in BYOB (Build Your Own Botnet) 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py...

AI score 7.6 | EPSS 0.03891
Exploits: 3 | References: 3

Veracode
added 2025/12/13 4:57 a.m. | 7 views

Cross-site Scripting (XSS)

Jenkins Applitools Eyes Plugin is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the plugin not escaping the Applitools URL on the build page, where attackers with Item/Configure permission can exploit it to inject malicious scripts...

CVSS 5.4 | AI score 5.8 | EPSS 0.00243
Exploits: 0 | References: 3 | Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-2784

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.6 | EPSS 0.00606
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2025-24268

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 6.5 | EPSS 0.00188
Exploits: 0 | References: 2

NVD
added 2025/08/12 4:15 p.m. | 5 views

CVE-2025-54800

Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...

CVSS 7.1 | EPSS 0.00188
Exploits: 0 | References: 2

Vulnrichment
added 2025/08/12 3:47 p.m. | 3 views

CVE-2025-54800 Hydra persistent XSS in build metrics

Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...

CVSS 7.1 | AI score 7.2 | EPSS 0.00188
Exploits: 0 | References: 2

CVE
added 2025/08/12 3:47 p.m. | 23 views

CVE-2025-54800

CVE-2025-54800 describes a persistent XSS in Hydra (Nix-based CI) where a malicious package could inject arbitrary JavaScript into Hydra’s database, which then gets evaluated in a client’s browser when visiting the build page. The issue is stated as fixed by commit dea1e16; workarounds include no...

CVSS 7.1 | AI score 7.2 | EPSS 0.00188
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2025/08/12 3:47 p.m. | 6 views

CVE-2025-54800 Hydra persistent XSS in build metrics

Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...

CVSS 7.1 | AI score 6.9 | EPSS 0.00188
Exploits: 0 | References: 4

Cvelist
added 2025/08/12 3:47 p.m. | 9 views

CVE-2025-54800 Hydra persistent XSS in build metrics

Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...

CVSS 7.1 | EPSS 0.00188
Exploits: 0 | References: 2

Snyk
added 2025/07/09 6:30 p.m. | 4 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Applitools URL field on the build page. An attacker can execute arbitrary JavaScript code in the context of other users by injecting malicious input into this field. This is only exploitable if the...

CVSS 5.4 | AI score 5.4 | EPSS 0.00243
Exploits: 0 | References: 2

GitHub Security Blog
added 2025/07/09 6:30 p.m. | 10 views

Jenkins Applitools Eyes Plugin vulnerable to XSS through its Build page

Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not escape the Applitools URL on the build page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Applitools Eyes Plugin 1.16.6 rejects Applitools URLs that contain HTML...

CVSS 5.4 | AI score 5 | EPSS 0.00243
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2023/10/25 6:17 p.m. | 3 views

CVE-2023-46659

Jenkins Edgewall Trac Plugin 1.13 and earlier does not escape the Trac website URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 5.4 | AI score 5.7
Exploits: 0 | References: 2

CNNVD
added 2023/10/25 12:0 a.m. | 4 views

Jenkins Plugin Edgewall Trac Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 5.4 | AI score 6 | EPSS 0.00459
Exploits: 0 | References: 3

CNNVD
added 2023/10/25 12:0 a.m. | 3 views

Jenkins Plugin GitHub Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 5.4 | AI score 6.1 | EPSS 0.00606
Exploits: 0 | References: 3

GitHub Security Blog
added 2022/05/24 5:23 p.m. | 19 views

Stored XSS vulnerability in Jenkins Deployer Framework Plugin

Deployer Framework Plugin is a framework plugin allowing other plugins to provide a way to deploy artifacts. Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users abl...

CVSS 5.4 | AI score 4.9 | EPSS 0.00688
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2020/07/15 6:15 p.m. | 6 views

CVE-2020-2227

Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability...

CVSS 5.4 | AI score 6 | EPSS 0.00688
Exploits: 0 | References: 2