EUVD-2025-11953

Malicious code in bioql PyPI...

EUVD-2022-5971

Malicious code in bioql PyPI...

EUVD-2022-1216

Malicious code in bioql PyPI...

EUVD-2022-5883

Malicious code in bioql PyPI...

CVE-2022-25210

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured...

CVE-2022-34200

A cross-site request forgery CSRF vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL...

CVE-2022-34201

A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

CVE-2025-43955

TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs...

CVE-2025-43955

TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs...

CVE-2025-43955

TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs...

CVE-2025-43955

TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs...

CVE-2025-43955

TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs...

PT-2025-17415 · Unknown · Commons-Jxpath +1

Name of the Vulnerable Software and Affected Versions: Convertigo versions 8.3.4 and earlier Description: The issue is related to the TwsCachedXPathAPI in Convertigo, which does not restrict the use of commons-jxpath APIs. Recommendations: For versions 8.3.4 and earlier, consider restricting acce...

CVE-2025-43955

Convertigo

Convertigo 安全漏洞

Convertigo is an open source low-code platform from Convertigo Open Source that includes a no-code application builder for full-stack mobile and web application development. A security vulnerability exists in Convertigo 8.3.4 and earlier versions that stems from the TwsCachedXPathAPI not...

GHSA-7495-24MX-HPH2 Missing permission check in Jenkins Convertigo Mobile Platform Plugin

A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

GHSA-24H8-CPQM-QMF3 Cross-Site Request Forgery in Jenkins Convertigo Mobile Platform Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL...

GHSA-C8MF-MC3F-2WVC Plaintext Storage of a Password in Jenkins Convertigo Mobile Platform Plugin

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

Cross-Site Request Forgery in Jenkins Convertigo Mobile Platform Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL...

Missing permission check in Jenkins Convertigo Mobile Platform Plugin

A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...