82 matches found

Veracode
added 2025/12/13 4:21 a.m. | 5 views

Cross-site Request Forgery (CSRF)

jp.ikedam.jenkins.plugins, extensible-choice-parameter is vulnerable to cross-site request forgery (CSRF). The vulnerability is due to insufficient request validation, which allows an attacker to execute sandboxed Groovy code by tricking a user into performing unintended actions...

CVSS 5.4 | AI score 5.8 | EPSS 0.00236
Exploits: 0 | References: 3 | Affected Software: 1
RedhatCVE
added 2025/10/30 2:13 p.m. | 2 views

CVE-2025-64133

A cross-site request forgery (CSRF) vulnerability in Jenkins Extensible Choice Parameter Plugin 239.v5f5c278708cf and earlier allows attackers to execute sandboxed Groovy code...

CVSS 5.4 | AI score 6.9 | EPSS 0.00236
Exploits: 0 | References: 1
Github Security Blog
added 2025/10/29 3:31 p.m. | 8 views

Jenkins Extensible Choice Parameter Plugin vulnerable to cross-site request forgery

Jenkins Extensible Choice Parameter Plugin 239.v5f5c278708cf and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to execute sandboxed Groovy code. As of publication of this advisory, the...

CVSS 5.4 | AI score 7 | EPSS 0.00236
Exploits: 0 | References: 4 | Affected Software: 1
EUVD
added 2025/10/29 3:31 p.m. | 3 views

EUVD-2025-36650

Jenkins Extensible Choice Parameter Plugin vulnerable to cross-site request forgery...

CVSS 5.4 | AI score 6.3 | EPSS 0.00236
Exploits: 0 | References: 3
vulnersOsv
added 2025/10/29 3:31 p.m. | 8 views

org.jenkins-ci.plugins:maven-artifact-choicelistprovider (>=1.0.3 <=371.ve708f79022db_) potentially affected by CVE-2025-64133 via jp.ikedam.jenkins.plugins:extensible-choice-parameter (>=1.3.3 <=250.va_1cf60782b_1a_)

jp.ikedam.jenkins.plugins:extensible-choice-parameter MAVEN version =1.3.3, =1.0.3, =371.ve708f79022db Source cves: CVE-2025-64133 Source advisory: SNYK:JAVA-JPIKEDAMJENKINSPLUGINS-13775577...

CVSS 5.4 | AI score 5.8 | EPSS 0.00236
Exploits: 0
Snyk
added 2025/10/29 3:31 p.m. | 4 views

Cross-site Request Forgery (CSRF)

Overview: jp.ikedam.jenkins.plugins:extensible-choice-parameter is a This plugin adds "Extensible Choice" as a build parameter. You can select how to retrieve choices, including the way to share choices among all jobs. Affected versions of this package are vulnerable to Cross-site Request Forgery...

CVSS 5.4 | AI score 7.1 | EPSS 0.00236
Exploits: 0 | References: 2
vulnersOsv
added 2025/10/29 3:31 p.m. | 8 views

org.jenkins-ci.plugins:maven-artifact-choicelistprovider (>=1.0.3 <=1.9.2) potentially affected by CVE-2025-64133 via jp.ikedam.jenkins.plugins:extensible-choice-parameter (>=1.3.3 <=1.7.0)

jp.ikedam.jenkins.plugins:extensible-choice-parameter MAVEN version =1.3.3, =1.0.3, =1.9.2 Source cves: CVE-2025-64133 Source advisory: OSV:GHSA-3JW2-5HJG-HC2C...

CVSS 5.4 | AI score 5.8 | EPSS 0.00236
Exploits: 0
OSV
added 2025/10/29 3:31 p.m. | 1 views

GHSA-3JW2-5HJG-HC2C Jenkins Extensible Choice Parameter Plugin vulnerable to cross-site request forgery

Jenkins Extensible Choice Parameter Plugin 239.v5f5c278708cf and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to execute sandboxed Groovy code. As of publication of this advisory, the...

CVSS 5.4 | AI score 7 | EPSS 0.00236
Exploits: 0 | References: 4
OSV
added 2025/10/29 2:15 p.m. | 3 views

CVE-2025-64133

A cross-site request forgery (CSRF) vulnerability in Jenkins Extensible Choice Parameter Plugin 239.v5f5c278708cf and earlier allows attackers to execute sandboxed Groovy code...

CVSS 5.4 | AI score 5.8 | EPSS 0.00236
Exploits: 0 | References: 2
CVE
added 2025/10/29 1:29 p.m. | 18 views

CVE-2025-64133

CVE-2025-64133: A CSRF vulnerability in the Jenkins Extensible Choice Parameter Plugin (versions 239.v5f5c278708cf and earlier) allows an attacker to cause the controller to execute sandboxed Groovy code. The issue is documented across multiple feeds (Red Hat, NVD, GN, ENISA, GHSA) with consiste...

CVSS 5.4 | AI score 6.6 | EPSS 0.00236
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2025/10/29 1:29 p.m. | 5 views

CVE-2025-64133

A cross-site request forgery (CSRF) vulnerability in Jenkins Extensible Choice Parameter Plugin 239.v5f5c278708cf and earlier allows attackers to execute sandboxed Groovy code...

EPSS 0.00236
Exploits: 0 | References: 1
Vulnrichment
added 2025/10/29 1:29 p.m. | 4 views

CVE-2025-64133

A cross-site request forgery (CSRF) vulnerability in Jenkins Extensible Choice Parameter Plugin 239.v5f5c278708cf and earlier allows attackers to execute sandboxed Groovy code...

AI score 6.6 | EPSS 0.00236
Exploits: 0 | References: 1
Positive Technologies
added 2025/10/29 12:0 a.m. | 4 views

PT-2025-44282

Name of the Vulnerable Software and Affected Versions: Jenkins Extensible Choice Parameter Plugin versions 239.v5f5c278708cf and earlier. Description: A cross-site request forgery (CSRF) issue exists in the Jenkins Extensible Choice Parameter Plugin. This allows attackers to execute sandboxed Groovy...

CVSS 5.4 | AI score 6.7 | EPSS 0.00236
Exploits: 0 | References: 8
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2022-1581

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 4.7 | EPSS 0.00734
Exploits: 0 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2022-1418

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.4 | EPSS 0.00555
Exploits: 0 | References: 5
EUVD
added 2025/10/03 8:7 p.m. | 8 views

EUVD-2022-1404

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.01519
Exploits: 0 | References: 3
RedhatCVE
added 2025/05/22 10:36 p.m. | 7 views

CVE-2022-27202

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 5.4 | AI score 5.4 | EPSS 0.00633
Exploits: 0 | References: 1
BDU FSTEC
added 2022/08/10 12:0 a.m. | 6 views

The vulnerability of the Jenkins Dynamic Extended Choice Parameter Plugin exists due to the lack of measures taken to protect the structure of web pages. This allows attackers to carry out XSS attacks.

The vulnerability of the Jenkins Dynamic Extended Choice Parameter Plugin exists due to the lack of security measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform XSS attacks remotely...

CVSS 5.5 | AI score 5.8 | EPSS 0.00626
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2022/07/28 12:0 a.m. | 27 views

GHSA-JVVX-HMMR-RHGG Stored XSS vulnerability in Jenkins Dynamic Extended Choice Parameter plugin

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 8 | AI score 5.5 | EPSS 0.00626
Exploits: 0 | References: 4
Github Security Blog
added 2022/07/28 12:0 a.m. | 19 views

Stored XSS vulnerability in Jenkins Dynamic Extended Choice Parameter plugin

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 5.4 | AI score 5.3 | EPSS 0.00626
Exploits: 0 | References: 4 | Affected Software: 1