Lucene search
K

132 matches found

NVD
NVD
added 2026/06/29 6:16 p.m.15 views

CVE-2026-57951

Mythic before 3.4.0.60 contains a broken hasura permission filter on the payloadbuildstep table with an always-satisfied or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payloadbuildstep to read stepstdout, stepstderr, stepname, and...

7.1CVSS0.00246EPSS
Exploits0References5
CVE
CVE
added 2026/06/29 5:20 p.m.14 views

CVE-2026-57951

Summary: Mythic before 3.4.0.60 contains a broken hasura permission filter on the payload_build_step table with an always-satisfied OR condition that bypasses operation-scoped access controls. This allows authenticated operators and spectators to read fields (step_stdout, step_stderr, step_name, ...

7.1CVSS5.8AI score0.00246EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/29 5:20 p.m.3 views

CVE-2026-57951 Mythic < 3.4.0.60 - Broken Permission Filter in payload_build_step Table

Mythic before 3.4.0.60 contains a broken hasura permission filter on the payloadbuildstep table with an always-satisfied or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payloadbuildstep to read stepstdout, stepstderr, stepname, and...

7.1CVSS6AI score0.00246EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/29 5:20 p.m.34 views

CVE-2026-57951 Mythic < 3.4.0.60 - Broken Permission Filter in payload_build_step Table

Mythic before 3.4.0.60 contains a broken hasura permission filter on the payloadbuildstep table with an always-satisfied or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payloadbuildstep to read stepstdout, stepstderr, stepname, and...

7.1CVSS0.00246EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.14 views

PT-2026-53669

Name of the Vulnerable Software and Affected Versions Mythic versions prior to 3.4.0.60 Description A broken Hasura permission filter exists on the payload build step table. This issue involves an always-satisfied or condition that bypasses operation-scoped access controls. Consequently,...

7.1CVSS6AI score0.00246EPSS
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 1:8 p.m.14 views

Malicious code in vectordb-engine (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42695503b90ec4adc30c038c3321d637f05038f841bcc5f463a16b891fe4e3e0 During pip install, a custom buildext step in src/vectordbenginebuild.py runs an obfuscated payload that performs targeted reconnaissance and...

5.9AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/07 9:20 a.m.7 views

CVE-2024-2216

A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting futu...

8.8CVSS6.6AI score0.00826EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:19 a.m.8 views

CVE-2024-2215

A cross-site request forgery CSRF vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions...

6.1CVSS6.8AI score0.00408EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-45766

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.53128EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-0838

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.00408EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-2210

Malicious code in bioql PyPI...

3.1CVSS5.6AI score0.00439EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-3197

Malicious code in bioql PyPI...

5.3CVSS5.8AI score0.00958EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 4:16 a.m.9 views

CVE-2023-41249

In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step...

6.1CVSS6AI score0.53128EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:20 p.m.5 views

CVE-2020-2265

Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide report files to the plugin's post-build step...

5.4CVSS5.3AI score0.00735EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2024/06/27 4:23 a.m.28 views

CVE-2024-39458

A vulnerability was found in the Jenkins Structs Plugin. When it fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system log...

5.5CVSS6.1AI score0.00439EPSS
Exploits0References5
OSV
OSV
added 2024/06/26 5:15 p.m.4 views

CVE-2024-39458

When Jenkins Structs Plugin 337.v1b04ea4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system log...

3.1CVSS6.5AI score
Exploits0References2
AlpineLinux
AlpineLinux
added 2024/06/26 5:6 p.m.6 views

CVE-2024-39458

When Jenkins Structs Plugin 337.v1b04ea4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system log...

3.1CVSS6.6AI score0.00439EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/06/26 12:0 a.m.6 views

Jenkins Plugin Structs Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

3.1CVSS6.6AI score0.00439EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/06/18 12:0 a.m.6 views

PT-2024-4650 · Jenkins · Jenkins Structs Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Structs Plugin versions 337.v1b 04ea 4df7c8 and earlier Description: The issue is related to the accidental exposure of secrets through the default system log when the Jenkins Structs Plugin fails to configure a build step. This happe...

3.1CVSS6.8AI score0.00439EPSS
Exploits0References11
CNVD
CNVD
added 2024/05/31 12:0 a.m.2 views

JetBrains TeamCity Build Steps to Set Up Cross-Site Scripting Vulnerabilities

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A cross-site scripting vulnerability exists in...

5.4CVSS6.2AI score0.00267EPSS
Exploits0References1
Rows per page
Query Builder