CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

216 matches found

JFrog Artifactory 6.7.3 - Admin Login Bypass

JFrog Artifactory 6.7.3 is vulnerable to an admin login bypass issue because by default the access-admin account is used to reset the password of the admin account. While this is only allowable from a connection directly from localhost, providing an X-Forwarded-For HTTP header to the request allo...

9.8CVSS7.3AI score0.53879EPSS

Exploits3References5

RedhatCVE•added 2026/01/09 9:21 a.m.•7 views

CVE-2021-41834

JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation...

6.5CVSS6.7AI score0.00527EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:12 a.m.•8 views

CVE-2022-0668

JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user...

9.8CVSS7AI score0.00632EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:41 a.m.•18 views

CVE-2022-0573

JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient validation of a...

8.8CVSS7.3AI score0.01896EPSS

Exploits0References1

CVE•added 2026/01/04 9:17 a.m.•16 views

CVE-2025-14830

CVE-2025-14830 affects JFrog Artifactory (Workers) versions 7.94.0 through 7.117.9 (and 7.117.10 as the fixed point referenced) due to improper neutralization of input during web page generation, resulting in Cross-Site Scripting (XSS). Root cause: inadequate input handling in the web page genera...

4.9CVSS5.5AI score0.00236EPSS

Exploits0References1

Positive Technologies•added 2026/01/04 12:0 a.m.•7 views

PT-2026-1151

Name of the Vulnerable Software and Affected Versions JFrog Artifactory Workers versions 7.94.0 through 7.117.9 Description An issue exists in JFrog Artifactory Workers that allows for Cross-Site Scripting XSS. This is due to improper neutralization of input during web page generation. The issue...

4.9CVSS6AI score0.00236EPSS

Exploits0References4

CNNVD•added 2026/01/04 12:0 a.m.•7 views

JFrog Artifactory Workers 跨站脚本漏洞

JFrog Artifactory Workers is an extension service from JFrog USA. A cross-site scripting vulnerability exists in JFrog Artifactory Workers versions 7.94.0 through prior to 7.117.10, which stems from improper input neutralization during web page generation and could lead to cross-site scripting...

4.9CVSS6AI score0.00236EPSS

Exploits0References2