398 matches found
CVE-2026-23744
CVE-2026-23744 affects MCPJam Inspector up to version 1.4.2. The Nuclei template and related sources describe a remote code execution (RCE) vulnerability exploitable via the /api/mcp/connect endpoint. The flaw arises from passing user-controlled input to shell execution, and the service is expose...
CVE-2026-23744 REC in MCPJam inspector due to HTTP Endpoint exposes
MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution RCE vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam...
CVE-2019-11466
In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. This has been remedied in version 6.0.1 and now requires valid credentials to access...
CVE-2025-15453
A security vulnerability has been detected in milvus up to 2.6.7. This vulnerability affects the function expr.Exec of the file pkg/util/expr/expr.go of the component HTTP Endpoint. The manipulation of the argument code leads to deserialization. Remote exploitation of the attack is possible. The...
CVE-2025-15453
A security vulnerability has been detected in milvus up to 2.6.7. This vulnerability affects the function expr.Exec of the file pkg/util/expr/expr.go of the component HTTP Endpoint. The manipulation of the argument code leads to deserialization. Remote exploitation of the attack is possible. The...
CVE-2025-15453 milvus HTTP Endpoint expr.go expr.Exec deserialization
A security vulnerability has been detected in milvus up to 2.6.7. This vulnerability affects the function expr.Exec of the file pkg/util/expr/expr.go of the component HTTP Endpoint. The manipulation of the argument code leads to deserialization. Remote exploitation of the attack is possible. The...
CVE-2025-13805
A weakness has been identified in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This affects the function getInputStream of the file nutzcloud/nutzcloud-literpc/src/main/java/org/nutz/boot/starter/literpc/impl/endpoint/http/HttpServletRpcEndpoint.java of the component LiteRpc-Serializer. Executing a...
CVE-2025-13805
A weakness has been identified in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This affects the function getInputStream of the file nutzcloud/nutzcloud-literpc/src/main/java/org/nutz/boot/starter/literpc/impl/endpoint/http/HttpServletRpcEndpoint.java of the component LiteRpc-Serializer. Executing a...
Missing Authorization
Overview org.jenkins-ci.plugins:publish-to-bitbucket is a This plugin publishes the current code to a bitbucket server by creating a new repository and/or project. Creates a Bitbucket repository and associated project from the current code. Features Creates Bitbucket repository based on the curre...
GHSA-M244-6MFF-P355 Jenkins Publish to Bitbucket Plugin vulnerable to CSRF and missing permissions check
Jenkins Publish to Bitbucket Plugin 0.4 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials IDs obtained through another method, capturing...
GHSA-6MGR-3374-4P3C Jenkins Start Windocks Containers Plugin vulnerable to cross-site request forgery
Jenkins Start Windocks Containers Plugin 1.4 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this endpoint does not require POST requests, resulting in a cross-site reque...
GHSA-JWM4-955W-4HJ3 Jenkins Themis Plugin is missing a permission check
Jenkins Themis Plugin 1.4.1 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this endpoint does not require POST requests, resulting in a cross-site request forgery CSRF...
Cross-site Request Forgery (CSRF)
Overview org.jenkins-ci.plugins:themis is an A Jenkins plugin to communicate with a Themis instance. It can send report files to be analyzed by Themis and send a refresh request for a project. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to a lack of...
Cross-site Request Forgery (CSRF)
Overview org.jenkins-ci.plugins:nexus-task-runner is a This plugin executes Sonatype Nexus scheduled tasks after your build. For example, if you want to refresh your Nexus's repositories index after building your project, you can use execute a Nexus task whose type is "Publish index" using this...
Cross-site Request Forgery (CSRF)
Overview org.jenkins-ci.plugins:windocks-start-container is an Allows users to create running containers based on Images available on the WinDocks host. WinDocks is a port of Docker’s open source to Windows, and supports all editions of Windows 8, Windows 10, Windows Server 2012, and Windows Serv...
GHSA-93MH-MX9W-M69Q Jenkins Themis Plugin vulnerable to cross-site request forgery
Jenkins Themis Plugin 1.4.1 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this endpoint does not require POST requests, resulting in a cross-site request forgery CSRF...
GHSA-X2PV-FPH3-PHFX Jenkins Nexus Task Runner Plugin vulnerable to cross-site request forgery
Jenkins Nexus Task Runner Plugin 0.9.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. Additionally, this endpoint does not require POST...
Jenkins Themis Plugin vulnerable to cross-site request forgery
Jenkins Themis Plugin 1.4.1 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this endpoint does not require POST requests, resulting in a cross-site request forgery CSRF...
EUVD-2021-1415
Malware in sbrugna...
EUVD-2021-0816
Malware in sbrugna...