
53 matches found

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-6974

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9, EPSS 0.01068
Exploits: 0, References: 5
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-6761

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9, EPSS 0.01295
Exploits: 0, References: 5
RedhatCVE
added 2025/05/23 1:14 a.m., 4 views

CVE-2022-41238

A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits...

CVSS 9.8, AI score 6.8, EPSS 0.01295
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 11:42 p.m., 2 views

CVE-2022-41239

Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability...

CVSS 5.4, AI score 5, EPSS 0.12355
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 11:42 p.m., 8 views

CVE-2022-41237

Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...

CVSS 9.8, AI score 7.7, EPSS 0.01068
Exploits: 0, References: 1
vulnersOsv
added 2023/09/06 3:30 p.m., 1 views

com.groupon.jenkins-ci.plugins:DotCi-Plugins-Starter-Pack (>=1.7.2 <=1.8.2), com.groupon.jenkins.plugins:DotCi-Plugins-Starter-Pack (>=1.0.0 <=1.7.1) potentially affected by CVE-2023-41940 via org.tap4j:tap (=1.10)

org.tap4j:tap MAVEN version =1.10 is affected by a known vulnerability. The following packages have a transitive dependency on org.tap4j:tap and may be impacted: - com.groupon.jenkins-ci.plugins:DotCi-Plugins-Starter-Pack =1.7.2, =1.0.0, =1.7.1 Source cves: CVE-2023-41940 Source advisory:...

CVSS 5.4, AI score 6, EPSS 0.06937
Exploits: 0
vulnersOsv
added 2023/07/12 6:30 p.m., 0 views

com.groupon.jenkins-ci.plugins:DotCi (>=2.8.9 <=2.40.00), com.groupon.jenkins-ci.plugins:DotCi-Fig-template (=1.1.0) +5 more potentially affected by CVE-2023-37954 via com.sonyericsson.hudson.plugins.rebuild:rebuild (>=1.16 <=1.25)

com.sonyericsson.hudson.plugins.rebuild:rebuild MAVEN version =1.16, =2.8.9, =1.1.3, =1.7.2, =1.1.2, =1.0.0, =1.1.2 - hudson.plugins:project-inheritance =2.0.0 Source cves: CVE-2023-37954 Source advisory: OSV:GHSA-5R5C-7RM4-MP4R...

CVSS 4.3, AI score 5.8, EPSS 0.00065
Exploits: 0
vulnersOsv
added 2023/04/02 9:30 p.m., 0 views

com.groupon.jenkins-ci.plugins:DotCi-Plugins-Starter-Pack (>=1.7.2 <=1.8.2), com.groupon.jenkins.plugins:DotCi-Plugins-Starter-Pack (>=1.0.0 <=1.7.1) +1 more potentially affected by CVE-2023-28669 via org.jenkins-ci.plugins:jacoco (>=1.0.14 <=1.0.9)

org.jenkins-ci.plugins:jacoco MAVEN version =1.0.14, =1.7.2, =1.0.0, =1.7, =1.12.3 Source cves: CVE-2023-28669 Source advisory: OSV:GHSA-XJ29-GFWW-J67G...

CVSS 5.4, AI score 6, EPSS 0.08977
Exploits: 0
vulnersOsv
added 2022/09/22 12:0 a.m., 2 views

com.groupon.jenkins-ci.plugins:DotCi-Fig-template (=1.1.0), com.groupon.jenkins-ci.plugins:DotCi-InstallPackages (>=1.1.3 <=1.3.1) +3 more potentially affected by CVE-2022-41239 via com.groupon.jenkins-ci.plugins:DotCi (>=1.0.0 <=2.32.1)

com.groupon.jenkins-ci.plugins:DotCi MAVEN version =1.0.0, =1.1.3, =1.7.2, =1.0.0, =1.0.0, =1.1.2 Source cves: CVE-2022-41239 Source advisory: OSV:GHSA-Q9G4-9FX4-V533...

CVSS 5.4, AI score 6, EPSS 0.12355
Exploits: 0
OSV
added 2022/09/22 12:0 a.m., 23 views

GHSA-Q9G4-9FX4-V533 Stored XSS vulnerability in Jenkins DotCi Plugin

DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted commit notifications to the...

CVSS 8.8, AI score 5.4, EPSS 0.12355
Exploits: 0, References: 5
Github Security Blog
added 2022/09/22 12:0 a.m., 21 views

RCE vulnerability in Jenkins DotCi Plugin

DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code execution (RCE) vulnerability exploitable by attackers able to modify .ci.yml files in SCM. This plugin has been suspended...

CVSS 9.8, AI score 9.5, EPSS 0.01068
Exploits: 0, References: 5, Affected Software: 1
Github Security Blog
added 2022/09/22 12:0 a.m., 16 views

Stored XSS vulnerability in Jenkins DotCi Plugin

DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted commit notifications to the...

CVSS 5.4, AI score 5.7, EPSS 0.12355
Exploits: 0, References: 5, Affected Software: 1
vulnersOsv
added 2022/09/22 12:0 a.m., 0 views

com.groupon.jenkins-ci.plugins:DotCi-Fig-template (=1.1.0), com.groupon.jenkins-ci.plugins:DotCi-InstallPackages (>=1.1.3 <=1.3.1) +3 more potentially affected by CVE-2022-41237 via com.groupon.jenkins-ci.plugins:DotCi (>=1.0.0 <=2.32.1)

com.groupon.jenkins-ci.plugins:DotCi MAVEN version =1.0.0, =1.1.3, =1.7.2, =1.0.0, =1.0.0, =1.1.2 Source cves: CVE-2022-41237 Source advisory: OSV:GHSA-X3JJ-RGW9-7R5G...

CVSS 9.8, AI score 7.2, EPSS 0.01068
Exploits: 0
OSV
added 2022/09/22 12:0 a.m., 20 views

GHSA-9MC6-VGMQ-X6XF Lack of authentication mechanism in Jenkins DotCi Plugin webhook

DotCi Plugin provides a webhook endpoint at /githook/ that can be used to trigger builds of the job for a GitHub repository. In DotCi Plugin 2.40.00 and earlier, this endpoint can be accessed without authentication. This allows unauthenticated attackers to trigger builds of jobs corresponding to...

CVSS 5.3, AI score 9.5, EPSS 0.01295
Exploits: 0, References: 5
Github Security Blog
added 2022/09/22 12:0 a.m., 21 views

Lack of authentication mechanism in Jenkins DotCi Plugin webhook

DotCi Plugin provides a webhook endpoint at /githook/ that can be used to trigger builds of the job for a GitHub repository. In DotCi Plugin 2.40.00 and earlier, this endpoint can be accessed without authentication. This allows unauthenticated attackers to trigger builds of jobs corresponding to...

CVSS 9.8, AI score 9.5, EPSS 0.01295
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2022/09/22 12:0 a.m., 27 views

GHSA-X3JJ-RGW9-7R5G RCE vulnerability in Jenkins DotCi Plugin

DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code execution (RCE) vulnerability exploitable by attackers able to modify .ci.yml files in SCM. This plugin has been suspended...

CVSS 8.8, AI score 9.7, EPSS 0.01068
Exploits: 0, References: 5
vulnersOsv
added 2022/09/22 12:0 a.m., 0 views

com.groupon.jenkins-ci.plugins:DotCi-Fig-template (=1.1.0), com.groupon.jenkins-ci.plugins:DotCi-InstallPackages (>=1.1.3 <=1.3.1) +3 more potentially affected by CVE-2022-41238 via com.groupon.jenkins-ci.plugins:DotCi (>=1.0.0 <=2.32.1)

com.groupon.jenkins-ci.plugins:DotCi MAVEN version =1.0.0, =1.1.3, =1.7.2, =1.0.0, =1.0.0, =1.1.2 Source cves: CVE-2022-41238 Source advisory: OSV:GHSA-9MC6-VGMQ-X6XF...

CVSS 9.8, AI score 7.2, EPSS 0.01295
Exploits: 0
NVD
added 2022/09/21 4:15 p.m., 14 views

CVE-2022-41239

Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability...

CVSS 5.4, EPSS 0.12355
Exploits: 0, References: 1
OSV
added 2022/09/21 4:15 p.m., 13 views

CVE-2022-41238

A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits...

CVSS 9.8, AI score 9.5, EPSS 0.01295
Exploits: 0, References: 1
NVD
added 2022/09/21 4:15 p.m., 9 views

CVE-2022-41238

A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits...

CVSS 9.8, EPSS 0.01295
Exploits: 0, References: 1