
10 matches found

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-53111

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 6.5 | EPSS 0.00572
Exploits: 0 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-33578

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.3 | EPSS 0.00465
Exploits: 0 | References: 4
Tenable Nessus
added 2025/09/26 12:0 a.m. | 1 views

GoCD Unauthenticated Access

GoCD is an open-source continuous delivery server. When accessible without authentication, an attacker can gain unauthorized access to the GoCD interface, potentially leading to information disclosure or further exploitation of the system. No source data...

AI score 6.5
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/23 1:11 a.m. | 5 views

CVE-2022-36088

GoCD is a continuous delivery server. Windows installations via either the server or agent installers for GoCD prior to 22.2.0 do not adequately restrict permissions when installing outside of the default location. This could allow a malicious user with local access to the server GoCD Server or...

CVSS 5.5 | AI score 6.4 | EPSS 0.00037
Exploits: 0
NVD
added 2023/03/27 9:15 p.m. | 12 views

CVE-2023-28629

GoCD is an open source continuous delivery server. GoCD versions before 23.1.0 are vulnerable to a stored XSS vulnerability, where pipeline configuration with a malicious pipeline label configuration can affect browser display of pipeline runs generated from that configuration. An attacker that h...

CVSS 5.4 | AI score 5.2 | EPSS 0.00516
Exploits: 0 | References: 6
CVE
added 2023/03/27 8:36 p.m. | 37 views

CVE-2023-28629

GoCD (open-source CI/CD server) prior to version 23.1.0 is vulnerable to stored XSS via a malicious pipeline label configuration in the label template. When a user with pipeline-configure permissions creates a pipeline with crafted label data, the vulnerability can affect browser displays of Valu...

CVSS 5.4 | AI score 5.2 | EPSS 0.00516
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2023/03/27 8:36 p.m. | 11 views

CVE-2023-28629 Stored XSS possible on VSM and Job Details pages via malicious pipeline label configuration in gocd

GoCD is an open source continuous delivery server. GoCD versions before 23.1.0 are vulnerable to a stored XSS vulnerability, where pipeline configuration with a malicious pipeline label configuration can affect browser display of pipeline runs generated from that configuration. An attacker that h...

CVSS 5.4 | AI score 5.3 | EPSS 0.00516
Exploits: 0 | References: 8
CNNVD
added 2022/10/14 12:0 a.m. | 2 views

GoCD Security Vulnerability

GoCD is a continuous delivery server. A security vulnerability exists in GoCD versions prior to 21.1.0 that stems from the fact that GoCD discloses the symmetric key used to encrypt/decrypt any security variables/secrets in the GoCD configuration to an authenticated agent, a malicious/compromised...

CVSS 6.5 | AI score 6.5 | EPSS 0.00355
Exploits: 0 | References: 5
CNVD
added 2022/05/24 12:0 a.m. | 93 views

GoCD Cross-Site Scripting Vulnerability

GoCD is a continuous delivery server. A cross-site scripting vulnerability exists in GoCD versions 19.11.0 through 21.4.0, which could be exploited by attackers to obtain a GoCD user's session cookie and execute malicious code...

CVSS 5.4 | AI score 3.7 | EPSS 0.005
Exploits: 0 | References: 1
CVE
added 2022/05/20 7:5 p.m. | 69 views

CVE-2022-29182

GoCD versions 19.11.0–21.4.0 are vulnerable to a DOM-based XSS in the Stage Details > Graphs tab. An attacker-hosted page can abuse the messaging channel between the parent page and the stage-graphs iframe to execute script in the user’s browser context, potentially exfiltrating session cookie...

CVSS 5.4 | AI score 4.7 | EPSS 0.005
Exploits: 0 | References: 4 | Affected Software: 1