io.jenkins.plugins:coverage-badges-extension (>=157.vf5d725246222 <=197.vb_390173d00ec) potentially affected by CVE-2025-67641 via io.jenkins.plugins:coverage (>=2.1.0 <=2.2941.v08df75b_767f1)

io.jenkins.plugins:coverage MAVEN version =2.1.0, =157.vf5d725246222, =197.vb390173d00ec Source cves: CVE-2025-67641 Source advisory: SNYK:JAVA-IOJENKINSPLUGINS-14383149...

io.jenkins.plugins:autograding (=4.2.0), io.jenkins.plugins:code-coverage-api (=4.99.0) +2 more potentially affected by CVE-2025-67641 via io.jenkins.plugins:coverage (>=1.10.0 <=2.2941.v08df75b_767f1)

io.jenkins.plugins:coverage MAVEN version =1.10.0, =-rc6.886d29ff0f4d, =67.v35d155a1ffdf, =79.v78d40e1fc27e Source cves: CVE-2025-67641 Source advisory: OSV:GHSA-V3F3-RF6R-43X5...

EUVD-2025-202455

Jenkins Coverage Plugin has a stored cross-site scripting XSS vulnerability...

Cross-site Scripting (XSS)

Overview io.jenkins.plugins:coverage is a Collects reports of code coverage or mutation coverage tools and visualizes the results. It has support for the following report formats: JaCoCo, Cobertura, and PIT. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper...

Jenkins Coverage Plugin has a stored cross-site scripting (XSS) vulnerability

Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...

GHSA-V3F3-RF6R-43X5 Jenkins Coverage Plugin has a stored cross-site scripting (XSS) vulnerability

Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...

CVE-2025-67641

Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...

CVE-2025-67641

Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...

CVE-2025-67641

Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...

CVE-2025-67641

Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...

CVE-2025-67641

The CVE-2025-67641 entry concerns the Jenkins Coverage Plugin (versions 2.3054.ve1ff7b_a_a_123b_ and earlier). The root cause is insufficient validation of the configured coverage results ID when creating coverage results, with validation only occurring during UI-based job configuration, enabling...

CVE-2025-67641

Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...

Jenkins plugins Multiple Vulnerabilities (2025-12-10)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage result...

Jenkins Coverage Plugin 安全漏洞

Jenkins Coverage Plugin is an open source plugin for Jenkins. A security vulnerability exists in Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and prior versions, which stems from an unvalidated configured Coverage Result ID, and could lead to a stored cross-site scripting vulnerability...

PT-2025-50359

Name of the Vulnerable Software and Affected Versions Jenkins Coverage Plugin versions 2.3054.ve1ff7b a a 123b and earlier Description The Jenkins Coverage Plugin does not properly validate the configured coverage results ID when creating coverage results. Specifically, the validation occurs only...

New in Snort3: Enhanced rule grouping for greater flexibility and control

Today, Cisco Talos is introducing new capabilities for Snort3 users within Cisco Secure Firewall. These enhancements are designed to give you greater flexibility in how you manage, organize, and prioritize detection rules. They also make it easier to align SNORT® rules with your organization's...

CVE-2025-40336

The CVE concerns the Linux kernel component drm/gpusvm. A fix for hmm_pfn_to_map_order() was applied to correctly handle cases where the hmm range partially covers a huge page (e.g., 2M). Without this, memory could be mapped outside the intended range or not mapped by the mm. The update aligns wi...

ReFuzz: Reusing Tests for Processor Fuzzing with Contextual Bandits

Processor designs rely on iterative modifications and reuse well-established designs. However, this reuse of prior designs also leads to similar vulnerabilities across multiple processors. As processors grow increasingly complex with iterative modifications, efficiently detecting vulnerabilities...

CVE-2025-60274

creationtimestamp| type| source ---|---|--- 2025-11-16 20:47:14+00:00| seen| https://krebsonsecurity.com/2025/11/microsoft-patch-tuesday-november-2025-edition/...

An Evaluation Framework for Network IDS/IPS Datasets: Leveraging MITRE ATT&CK and Industry Relevance Metrics

The performance of Machine Learning ML and Deep Learning DL-based Intrusion Detection and Prevention Systems IDS/IPS is critically dependent on the relevance and quality of the datasets used for training and evaluation. However, current AI model evaluation practices for developing IDS/IPS focus...