39 matches found
EUVD-2022-5440
Malicious code in bioql PyPI...
EUVD-2022-5101
Malicious code in bioql PyPI...
EUVD-2025-16842
Malicious code in bioql PyPI...
CVE-2025-4578
The File Provider WordPress plugin through 1.2.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2025-4580 File Provider <= 1.2.3 - Item Deletion via CSRF
The File Provider WordPress plugin through 1.2.3 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2025-4578 File Provider <= 1.2.3 - Unauthenticated SQLi
The File Provider WordPress plugin through 1.2.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
PT-2025-23761 · WordPress · Filterprovider
Name of the Vulnerable Software and Affected Versions: File Provider versions 1.2.3 and earlier Description: The issue is related to the lack of a CSRF check when updating settings in the File Provider WordPress plugin. This could allow attackers to make a logged-in admin change the settings via ...
WordPress plugin File Provider SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress File Provider plugin suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker...
CVE-2017-1000104
The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Users with only Overall/Read access to Jenkins were able to access URLs directly that allowed viewing these files. Access to view these files now requires sufficient...
CVE-2023-40339
Jenkins Config File Provider Plugin 952.va544a6234b46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log...
CVE-2023-40339
CVE-2023-40339 affects the Jenkins Config File Provider Plugin (versions including 952.va_544a_6234b_46 and earlier). The issue is that credentials specified in configuration files are not masked (not replaced with asterisks) when written to the build log, potentially exposing secrets. Public adv...
PT-2023-27397 · Jenkins · Jenkins Config File Provider Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Config File Provider Plugin versions 952.va_544a_6234b_46 and earlier. Description: The issue concerns the Jenkins Config File Provider Plugin, where credentials specified in configuration files are not masked when written to the build...
GHSA-2959-FJ73-HM8P Missing permission checks in Jenkins Config File Provider Plugin allow enumerating configuration file IDs
Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate configuration file IDs. An enumeration of configuration file IDs in Jenkins Config File Provider Plugin 3.7.1 require...
XML External Entity Reference vulnerability in Jenkins Config File Provider Plugin
Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers with the ability to define Maven configuration files to have Jenkins parse a crafted configuration file that uses external entities for...
CloudBees Jenkins Config File Provider Plugin Privilege Checking Vulnerability (CNVD-2021-31659)
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Config File Provider Plugin is used in one of...
CloudBees Jenkins Config File Provider Plugin Privilege Check Vulnerability
CloudBees Jenkins, formerly known as Hudson Labs, is a set of Java-based continuous integration tools developed by the United States company CloudBees. It is mainly used to monitor continuous software release/testing projects and some timed tasks. Config File Provider Plugin is...
CloudBees Jenkins Config File Provider Plugin Cross-Site Request Forgery Vulnerability (CNVD-2021-31660)
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Config File Provider Plugin is used in one of...
CVE-2021-21645
Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate configuration file IDs...