
19182 matches found

Vulnrichment
added 2025/10/30 12:00 a.m., 2 views

CVE-2025-60319

PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint AttachController.java...

6.5 AI score, 0.00241 EPSS
Exploits: 0, References: 2

Github Security Blog
added 2025/10/29 3:31 p.m., 8 views

Jenkins Azure CLI Plugin does not restrict the commands it executes

Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller. This allows attackers with Item/Configure permission to execute arbitrary shell commands on the Jenkins controller. As of publication of this advisory, there is no fix...

8.8 CVSS, 7.5 AI score, 0.00556 EPSS
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2025/10/29 3:31 p.m., 6 views

GHSA-RH72-238F-G26Q Jenkins Azure CLI Plugin does not restrict the commands it executes

Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller. This allows attackers with Item/Configure permission to execute arbitrary shell commands on the Jenkins controller. As of publication of this advisory, there is no fix...

8.8 CVSS, 7.5 AI score, 0.00556 EPSS
Exploits: 0, References: 4

NVD
added 2025/10/29 2:15 p.m., 6 views

CVE-2025-64144

Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

4.3 CVSS, 0.00158 EPSS
Exploits: 0, References: 2

OSV
added 2025/10/29 2:15 p.m., 6 views

CVE-2025-64143

Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

4.3 CVSS, 6.9 AI score
Exploits: 0, References: 2

Vulnrichment
added 2025/10/29 1:29 p.m., 4 views

CVE-2025-64146

Jenkins Curseforge Publisher Plugin 1.0 stores API Keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

6.5 AI score, 0.00158 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/10/29 1:29 p.m., 9 views

CVE-2025-64146

Jenkins Curseforge Publisher Plugin 1.0 stores API Keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

0.00158 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/10/29 1:29 p.m., 9 views

CVE-2025-64144

Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

0.00158 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/10/29 1:29 p.m., 3 views

CVE-2025-64144

Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

6.5 AI score, 0.00158 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/10/29 1:29 p.m., 9 views

CVE-2025-64143

Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

0.00179 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/10/29 1:29 p.m., 4 views

CVE-2025-64143

Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

6.4 AI score, 0.00179 EPSS
Exploits: 0, References: 1

CVE
added 2025/10/29 1:29 p.m., 17 views

CVE-2025-64143

The CVE-2025-64143 issue affects the Jenkins OpenShift Pipeline Plugin, version 1.0.57 and earlier, which stores authorization tokens unencrypted in job config.xml on the Jenkins controller. This allows users with Item/Extended Read permission or control‑plane access to view tokens, exposing sens...

4.3 CVSS, 6.4 AI score, 0.00179 EPSS
Exploits: 0, References: 2, Affected Software: 1

Microsoft CVE
added 2025/10/29 1:03 a.m., 6 views

net: nfc: nci: Add parameter validation for packet data

...

6.3 CVSS, 7 AI score, 0.00202 EPSS
Exploits: 0

CNNVD
added 2025/10/29 12:00 a.m., 4 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 security vulnerability

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. An information disclosure vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which is caused by incorrect...

10 CVSS, 6 AI score, 0.00317 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2025/10/29 12:00 a.m., 5 views

PT-2025-44293

Name of the Vulnerable Software and Affected Versions: Jenkins ByteGuard Build Actions Plugin version 1.0. Description: The Jenkins ByteGuard Build Actions Plugin version 1.0 stores API tokens unencrypted in config.xml files on the Jenkins controller. These files are accessible to users with...

4.3 CVSS, 6.4 AI score, 0.00158 EPSS
Exploits: 0, References: 7

Positive Technologies
added 2025/10/29 12:00 a.m., 6 views

PT-2025-44295

Name of the Vulnerable Software and Affected Versions: Jenkins Curseforge Publisher Plugin version 1.0. Description: The Jenkins Curseforge Publisher Plugin version 1.0 stores API Keys unencrypted in config.xml files on the Jenkins controller. These files are accessible to users with Item/Extended...

4.3 CVSS, 6.4 AI score, 0.00158 EPSS
Exploits: 0, References: 6

Tenable Nessus
added 2025/10/29 12:00 a.m., 5 views

Aviatrix Controller Unrestricted Upload of File (CVE-2021-40870)

While the Aviatrix UI requires authentication, many API calls do not enforce a check for authentication. Some of these API calls allow an unauthenticated attacker to upload arbitrary files, including .php scripts, to the filesystem. These uploaded scripts will be processed by the web frontend,...

9.8 CVSS, 8.5 AI score, 0.92382 EPSS
Exploits: 5, References: 2

CNNVD
added 2025/10/29 12:00 a.m., 8 views

Jenkins Azure CLI Plugin security vulnerability

Jenkins Azure CLI Plugin is an open source command line plugin for Jenkins. A security vulnerability exists in Jenkins Azure CLI Plugin version 0.9 and earlier, which stems from an unrestricted number of commands that can be executed on the Jenkins controller, which could lead to the execution of...

8.8 CVSS, 7 AI score, 0.00556 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/10/28 6:52 p.m., 15 views

CVE-2025-12304

A vulnerability has been found in dulaiduwang003 TIME-SEA-PLUS up to fb299162f18498dd9cf17da906886d80a077d53b. This affects the function alipayIsSucceed of the file PayController.java of the component Order Status Handler. The manipulation leads to improper authorization. Remote exploitation of t...

5.3 CVSS, 6.3 AI score, 0.00236 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/10/28 4:54 p.m., 4 views

CVE-2025-12297

A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used...

5.3 CVSS, 6.4 AI score, 0.00327 EPSS
Exploits: 1, References: 1