Lucene search
K

25 matches found

Snyk
Snyk
added 2026/06/24 3:18 p.m.4 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the connect process. An attacker can initiate unauthorized connections to arbitrary URLs using credentials IDs of their choosing by tricking a user into performing unwanted actions while authenticated...

5.4CVSS6.1AI score0.00101EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 2:17 p.m.10 views

CVE-2026-57292

A cross-site request forgery CSRF vulnerability in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

5.4CVSS0.00101EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 2:17 p.m.12 views

CVE-2026-57291

Missing permission checks in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

5.4CVSS0.00145EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 2:17 p.m.9 views

CVE-2026-57293

An incorrect permission check in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS0.0017EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.33 views

CVE-2026-57293

An incorrect permission check in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credentials IDs of credentials stored in Jenkins...

0.0017EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.7 views

CVE-2026-57293

An incorrect permission check in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS5.9AI score0.0017EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 1:20 p.m.7 views

EUVD-2026-38774

An incorrect permission check in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS5.9AI score0.0017EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 1:20 p.m.15 views

CVE-2026-57293

CVE-2026-57293 affects the Jenkins Gitee Plugin (1288.v18b_deb_c9069b_ and earlier). The vulnerability is an incorrect permission check that lets an attacker with global Item/Configure permission, but without Item/Configure permission on any specific job, enumerate credentials IDs stored in Jenki...

4.3CVSS5.9AI score0.0017EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.34 views

CVE-2026-57291

Missing permission checks in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

0.00145EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 1:20 p.m.12 views

EUVD-2026-38772

Missing permission checks in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

5.4CVSS5.8AI score0.00145EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 1:20 p.m.17 views

CVE-2026-57292

The CVE-2026-57292 entry concerns the Jenkins Gitee Plugin (affected versions include 1288.v18b_deb_c9069b_ and earlier). The vulnerability is a cross-site request forgery (CSRF) that allows an attacker to cause the plugin to connect to an attacker-specified URL using attacker-specified credentia...

5.4CVSS5.8AI score0.00101EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.5 views

CVE-2026-57292

A cross-site request forgery CSRF vulnerability in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

5.4CVSS5.8AI score0.00101EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.7 views

CVE-2026-57291

Missing permission checks in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

5.4CVSS5.8AI score0.00145EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 1:20 p.m.7 views

EUVD-2026-38773

A cross-site request forgery CSRF vulnerability in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

5.4CVSS5.8AI score0.00101EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.33 views

CVE-2026-57292

A cross-site request forgery CSRF vulnerability in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

0.00101EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 1:20 p.m.16 views

CVE-2026-57291

CVE-2026-57291 affects Jenkins Gitee Plugin (version 1288.v18b_deb_c9069b_ and earlier). The issue is missing permission checks in the plugin, allowing attackers with Overall/Read permissions to connect to an attacker-controlled URL using attacker-controlled credentials IDs obtained through anoth...

5.4CVSS5.8AI score0.00145EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/10 2:12 a.m.10 views

CVE-2026-3789

A vulnerability was detected in Bytedesk up to 1.3.9. Affected is the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java of the component SpringAIGiteeRestController. Performing a manipulation of the argument apiUrl...

8.8CVSS6.2AI score0.00422EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/09 12:30 a.m.9 views

EUVD-2026-10279

A vulnerability was detected in Bytedesk up to 1.3.9. Affected is the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java of the component SpringAIGiteeRestController. Performing a manipulation of the argument apiUrl...

6.5CVSS5.5AI score0.00422EPSS
Exploits1References10
CNNVD
CNNVD
added 2026/03/09 12:0 a.m.10 views

Bytedesk 代码问题漏洞

Bytedesk is a multi-channel intelligent customer service platform developed by the individual developers of bytedesk.com. Versions of Bytedesk 1.3.9 and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect handling of the parameter apiUrl in the file...

8.8CVSS6.7AI score0.00422EPSS
Exploits1References9
CVE
CVE
added 2026/03/08 11:32 p.m.16 views

CVE-2026-3789

CVE-2026-3789 affects Bytedesk up to version 1.3.9, specifically the getModels function in SpringAIGiteeRestService.java within SpringAIGiteeRestController. The vulnerability arises from manipulating the apiUrl argument, leading to server-side request forgery and remote exploitation. An exploit i...

8.8CVSS6.2AI score0.00422EPSS
Exploits1References9Affected Software1
Rows per page
Query Builder