CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10511 matches found

RedHat Linux•added 2022/05/17 11:41 p.m.•2 views

OpenJDK: URI parsing inconsistencies (JNDI, 8278972)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

5.3CVSS7.4AI score0.02651EPSS

Exploits0References4

RedHat Linux•added 2022/05/17 11:41 p.m.•5 views

OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

5.3CVSS7.2AI score0.02401EPSS

Exploits0References4

RedHat Linux•added 2022/05/17 11:41 p.m.•1 views

OpenJDK: URI parsing inconsistencies (JNDI, 8278972)

5.3CVSS7.4AI score0.02651EPSS

Exploits0References4

CNNVD•added 2022/05/16 12:0 a.m.•2 views

Cybozu Garoon 输入验证错误漏洞

Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. An input validation error vulnerability exists in Cybozu Garoon, which stems from insufficient validation of...

4.3CVSS5.3AI score0.0063EPSS

Exploits0References5

CNNVD•added 2022/05/16 12:0 a.m.•2 views

Cybozu Garoon 安全漏洞

Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. Cybozu Garoon suffers from an Operation Restriction Bypass vulnerability that originates from improper privilege...

4.3CVSS5.4AI score0.00661EPSS

Exploits0References5

Github Security Blog•added 2022/05/14 2:45 a.m.•22 views

Jenkins Resource Disposer Plugin allows attacker to stop tracking specified resource

A data modification vulnerability exists in Jenkins Resource Disposer Plugin 0.11 and earlier in AsyncResourceDisposer.java that allows attackers to stop tracking a specified resource. Additionally, this API endpoint did not require POST requests, resulting in a CSRF vulnerability. As of version...

4.3CVSS4.8AI score0.00761EPSS

Exploits0References4Affected Software1

OSV•added 2022/05/14 1:0 a.m.•0 views

GHSA-JQWH-JRPG-5J3H Jenkins Favorite Plugin vulnerable to Cross-Site Request Forgery

Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification...

8.8CVSS5.9AI score0.00832EPSS

Exploits0References2

Github Security Blog•added 2022/05/14 1:0 a.m.•21 views

Jenkins Favorite Plugin vulnerable to Cross-Site Request Forgery

Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification...

8.8CVSS4AI score0.00832EPSS

Exploits0References3Affected Software1

OSV•added 2022/05/13 1:50 a.m.•10 views

GHSA-PWRM-8MVM-P2F2 Jenkins Agiletestware Pangolin Connector for TestRail Plugin CSRF vulnerability and missing permission checks

A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint...

6.5CVSS6.3AI score0.01019EPSS

Exploits0References4

Github Security Blog•added 2022/05/13 1:50 a.m.•21 views

Jenkins Agiletestware Pangolin Connector for TestRail Plugin CSRF vulnerability and missing permission checks

6.5CVSS6.6AI score0.01019EPSS

Exploits0References4Affected Software1

Github Security Blog•added 2022/05/13 1:48 a.m.•40 views

Improper Limitation of a Pathname to a Restricted Directory in Jenkins

A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into...

8.2CVSS5.2AI score0.06762EPSS

Exploits1References8Affected Software1

OSV•added 2022/05/13 1:42 a.m.•20 views

GHSA-W8GX-HHCX-PX6W Openstack tripleo-heat-templates unauthenticated file access

A resource-permission flaw was found in the tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thu...

6.3CVSS6.2AI score0.00285EPSS

Exploits0References9

Github Security Blog•added 2022/05/13 1:36 a.m.•18 views

Infinispan Rest API Does Not Enforce Auth Constraints

It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name...

6.5CVSS6.6AI score0.01559EPSS

Exploits0References7Affected Software1

OSV•added 2022/05/13 1:31 a.m.•18 views

GHSA-QXH5-5R5P-5GVF Cross-Site Request Forgery in Jenkins Blue Ocean Plugin

A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier that allows attackers to bypass all cross-site request forgery protection in Blue Ocean API. The vulnerability is found in: - blueocean-core-js/src/js/bundleStartup.js - blueocean-core-js/src/js/fetch.ts -...

6.5CVSS6.6AI score0.01108EPSS

Exploits0References5

Github Security Blog•added 2022/05/13 1:31 a.m.•26 views

Cross-Site Request Forgery in Jenkins Blue Ocean Plugin

6.5CVSS5AI score0.01108EPSS

Exploits0References6Affected Software1

Github Security Blog•added 2022/05/13 1:31 a.m.•20 views

Jenkins Job Import Plugin CSRF vulnerability

A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration...

5.3CVSS6.8AI score0.00524EPSS

Exploits0References4Affected Software1

OSV•added 2022/05/13 1:31 a.m.•11 views

GHSA-8CRR-XF35-5F5P Jenkins Job Import Plugin CSRF vulnerability

5.3CVSS5AI score0.00524EPSS

Exploits0References4

OSV•added 2022/05/13 1:18 a.m.•14 views

GHSA-VHH3-MVC4-HHQ6 Jenkins Dependency Graph Viewer plugin vulnerable to missing permission checks

Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data...

4.3CVSS4.5AI score0.00642EPSS

Exploits0References2

Github Security Blog•added 2022/05/13 1:15 a.m.•22 views

Missing permission check in Azure VM Agents Plugin allowed modifying VM configuration

A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent...

4.3CVSS6.7AI score0.00931EPSS

Exploits0References5Affected Software1

OSV•added 2022/05/13 1:13 a.m.•5 views

GHSA-8HXM-42V5-66HM Moodle vulnerable to Cross-Site Request Forgery

Multiple cross-site request forgery CSRF vulnerabilities in mod/wiki/ components in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allow remote attackers to hijack the authentication of arbitrary users for requests that modify wiki data...

8.7CVSS7.3AI score0.01011EPSS

Exploits0References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by