RHCOS 4 : OpenShift Container Platform 4.8.35 (RHSA-2022:0871)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0871 advisory. - CRI-O: Arbitrary code execution in cri-o via abusing kernel.corepattern kernel parameter CVE-2022-0811 - workflow-cps: OS command...

RHCOS 4 : Red Hat OpenShift Container Platform 4.1 jenkins-2-plugins (RHSA-2019:2662)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2662 advisory. - jenkins-plugin-script-security: Sandbox bypass through type casts in Script Security Plugin CVE-2019-10355 -...

RHCOS 4 : OpenShift Container Platform 4.9.26 (RHSA-2022:1021)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1021 advisory. - haproxy: Denial of service via set-cookie2 header CVE-2022-0711 - workflow-cps: OS command execution through crafted SCM contents...

CVE-2026-7714 crocodilestick Calibre-Web-Automated Admin Endpoint cwa_functions.py missing authentication

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwafunctions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The...

PT-2026-36742

Name of the Vulnerable Software and Affected Versions crocodilestick Calibre-Web-Automated versions prior to 4.0.7 Description A flaw in the Admin Endpoint component, specifically within the cps/cwa functions.py file, allows for missing authentication. This issue enables a remote attacker to bypa...

EUVD-2025-206083

Selea CarPlateServer 4.0.1.6 contains a remote program execution vulnerability that allows attackers to execute arbitrary Windows binaries by manipulating the NOLISTEXEPATH configuration parameter. Attackers can bypass authentication through the /cps/ endpoint and modify server configuration,...

CVE-2020-36904

Selea CarPlateServer 4.0.1.6 contains a remote program execution vulnerability that allows attackers to execute arbitrary Windows binaries by manipulating the NOLISTEXEPATH configuration parameter. Attackers can bypass authentication through the /cps/ endpoint and modify server configuration,...

appscanstandard-integration:ibm-security-appscanstandard-scanner (>=1.0 <=2.8), com.cloudbees.jenkins.plugins:additional-identities-plugin (>=109.v2c51a_117a_7b_4 <=141.vd9ede1e02477) +496 more potentially affected by CVE-2025-27622 +1 more via org.jenkins-ci.main:jenkins-core (>=2.0 <=2.492.2)

org.jenkins-ci.main:jenkins-core MAVEN version =2.0, =1.0, =109.v2c51a117a7b4, =1.155.v3d884c1bdee1, =4050.v8ba69b587c39, =4050.v8ba69b587c39, =1.0.5, =2.0.0, =2.0, =1.0.2, =1.0.0, =2.2.0, =2.0.0, =0.1.0, =0.2.0 and more Source cves: CVE-2025-27622https://vulners.com/cve/CVE-2025-2762...

appscanstandard-integration:ibm-security-appscanstandard-scanner (>=1.0 <=2.8), com.cloudbees.jenkins.plugins:additional-identities-plugin (>=109.v2c51a_117a_7b_4 <=141.vd9ede1e02477) +495 more potentially affected by CVE-2025-27623 via org.jenkins-ci.main:jenkins-core (>=2.0 <=2.492.1)

org.jenkins-ci.main:jenkins-core MAVEN version =2.0, =1.0, =109.v2c51a117a7b4, =1.155.v3d884c1bdee1, =4050.v8ba69b587c39, =4050.v8ba69b587c39, =1.0.5, =2.0.0, =2.0, =1.0.2, =1.0.0, =2.2.0, =2.0.0, =0.1.0, =0.2.0 and more Source cves: CVE-2025-27623https://vulners.com/cve/CVE-2025-2762...

au.com.versent.jenkins.plugins:ignore-committer-strategy (=29.v7c3891a_434c3), com.amadeus.jenkins.plugins:workflow-cps-global-lib-http (>=2.33.0 <=2.54.0) +118 more potentially affected by CVE-2024-52550 via org.jenkins-ci.plugins.workflow:workflow-cps (>=0.1-beta-1 <=3975.v567e2a_1ffa_22)

org.jenkins-ci.plugins.workflow:workflow-cps MAVEN version =0.1-beta-1, =2.33.0, =1.9.2-beta, =0.0.1, =8.0.12, =0.8, =1.0.14, =1.3.0, =1.0, =0.9.0, =1.0, =1.20 - de.taimos:pipeline-deploymon =1.0 and more Source cves: CVE-2024-52550 Source advisory: OSV:GHSA-MRPR-VR82-X88R...

com.amadeus.jenkins.plugins:workflow-cps-global-lib-http (>=2.33.0 <=2.54.0), com.lookout.jenkins:environment-script (=100.v3a_f1a_6a_b_7549) +126 more potentially affected by CVE-2024-34145 via org.jenkins-ci.plugins:script-security (>=1138.v8e727069a_025 <=1335.vf07d9ce377a_e)

org.jenkins-ci.plugins:script-security MAVEN version =1138.v8e727069a025, =2.33.0, =1.1.0.413.v3023d27e8434, =320.v5a0933ae7d61, =2.4.2, =3.0, =4.1.0, =1.27.17, =1.27.4, =1.27.4, =1714.v09593e830cfa, =11.2.0, =12.9.1 and more Source cves: CVE-2024-34145 Source advisory:...

Rockwell Automation FactoryTalk View Machine Edition

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk View Machine Edition Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...

com.amadeus.jenkins.plugins:workflow-cps-global-lib-http (>=2.33.0 <=2.54.0), com.compuware.jenkins:compuware-scm-downloader (>=1.6 <=2.0.5) +105 more potentially affected by CVE-2023-40338 via org.jenkins-ci.plugins:cloudbees-folder (>=4.0 <=6.815.v0dd5a_cb_40e0e)

org.jenkins-ci.plugins:cloudbees-folder MAVEN version =4.0, =2.33.0, =1.6, =1.8, =1.0.2, =1.0.0, =2.0.0, =0.4, =1.0, =7.5.7, =0.9.1, =1.0-alpha-1, =1.27.19, =1.27.25 and more Source cves: CVE-2023-40338 Source advisory: OSV:GHSA-36HQ-V2FC-RPQP...

Design/Logic Flaw

The affected products store both public and private key that are used to sign and protect Custom Parameter Set CPS file from modification. An attacker that manages to exploit this vulnerability will be able to change the CPS file, sign it so that it is trusted as the legitimate CPS file. This iss...

CVE-2022-3927

CVE-2022-3927 concerns Hitachi Energy FOXMAN-UN and UNEM products. The issue arises from storing public and private keys used to sign and protect Custom Parameter Set (CPS) files, enabling an attacker to modify a CPS and sign it as legitimate. Affected products/versions: FOXMAN-UN R9C–R15B and UN...

PT-2023-13716 · Unem +1 · Unem +1

Name of the Vulnerable Software and Affected Versions: FOXMAN-UN versions R9C through R15B UNEM versions R9C through R15B Description: The affected products store both public and private keys used to sign and protect Custom Parameter Set CPS files from modification. An attacker who exploits this...

cps-zg.hr Cross Site Scripting vulnerability OBB-2807470

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

cps-pflege.de Cross Site Scripting vulnerability OBB-2623644

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.logmein:pipeline-bamboo (>=0.0.1 <=0.0.2) +93 more potentially affected by CVE-2018-1000866 via org.jenkins-ci.plugins.workflow:workflow-cps (>=0.1-beta-1 <=2.6)

org.jenkins-ci.plugins.workflow:workflow-cps MAVEN version =0.1-beta-1, =1.9.2-beta, =0.0.1, =8.0.12, =0.8, =1.0.14, =1.3.0, =1.0, =0.9.0, =1.0, =1.22, =0.0.8, =y - io.fabric8.pipeline:kubernetes-pipeline-aggregator =1.3 and more Source cves: CVE-2018-1000866 Source advisory: OSV:GHSA-GQHM-4H93-R...

com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.logmein:pipeline-bamboo (>=0.0.1 <=0.0.2) +93 more potentially affected by CVE-2019-1003030 via org.jenkins-ci.plugins.workflow:workflow-cps (>=0.1-beta-1 <=2.6)

org.jenkins-ci.plugins.workflow:workflow-cps MAVEN version =0.1-beta-1, =1.9.2-beta, =0.0.1, =8.0.12, =0.8, =1.0.14, =1.3.0, =1.0, =0.9.0, =1.0, =1.22, =0.0.8, =y - io.fabric8.pipeline:kubernetes-pipeline-aggregator =1.3 and more Source cves: CVE-2019-1003030 Source advisory: OSV:GHSA-R6MC-MRVR-2...