CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Talos Blog•added 2025/08/19 10:0 a.m.•6 views

JJ Cummings: The art of controlling information

Welcome to the second episode of Humans of Talos, our ongoing video interview series that celebrates the people powering Cisco's threat intelligence efforts. In each episode, we dive deep into the personal journeys, motivations and lessons learned from the team members who help keep the internet...

OSV•added 2025/08/14 6:52 p.m.•1 views

MAL-2025-10144 Malicious code in @zalastax/nolb-_jj (npm)

The package @zalastax/nolb-jj was found to contain malicious code...

7.2AI score

OSSF Malicious Packages•added 2025/08/14 6:52 p.m.•2 views

Malicious code in @zalastax/nolb-_jj (npm)

The package @zalastax/nolb-jj was found to contain malicious code...

SUSE CVE•added 2024/11/08 3:48 a.m.•0 views

SUSE CVE-2024-51990

jj, or Jujutsu, is a Git-compatible VCS written in rust. In affected versions specially crafted Git repositories can cause jj to write files outside the clone. This issue has been addressed in version 0.23.0. Users are advised to upgrade. Users unable to upgrade should avoid cloning repos from...

9.3CVSS6.9AI score0.00172EPSS

Exploits0References3

OSV•added 2024/11/07 4:18 p.m.•4 views

GHSA-88H5-6W7M-5W56 jj vulnerable to path traversal via crafted Git repositories

Impact Specially crafted Git repositories can cause jj to write files outside the clone. Patches Fixed in 0.23.0. Workarounds Not much other than to not clone repositories from untrusted sources. References Here's the original report from @joernchen: When cloning a crafted Git repository it is...

9.2CVSS6.3AI score0.00172EPSS

Exploits0References3

Github Security Blog•added 2024/11/07 4:18 p.m.•13 views

jj vulnerable to path traversal via crafted Git repositories

9.3CVSS7AI score0.00172EPSS

Exploits0References3Affected Software1

NVD•added 2024/11/07 1:15 a.m.•13 views

CVE-2024-51990

9.3CVSS0.00172EPSS

Cvelist•added 2024/11/07 12:15 a.m.•15 views

CVE-2024-51990 Path traversal via crafted Git repositories in jj

9.3CVSS0.00172EPSS

Vulnrichment•added 2024/11/07 12:15 a.m.•6 views

CVE-2024-51990 Path traversal via crafted Git repositories in jj

9.3CVSS7AI score0.00172EPSS

CVE•added 2024/11/07 12:15 a.m.•41 views

CVE-2024-51990

CVE-2024-51990 affects jj (Jujutsu), a Git-compatible VCS written in Rust. The issue is a path traversal vulnerability where specially crafted Git repositories can cause jj to write files outside the clone. This has been fixed in version 0.23.0. If upgrading is not possible, users are advised to ...

9.3CVSS6.5AI score0.00172EPSS

Positive Technologies•added 2024/11/06 12:0 a.m.•3 views

PT-2024-35081 · Jj · Jj

Name of the Vulnerable Software and Affected Versions: jj versions prior to 0.23.0 Description: Specially crafted Git repositories can cause jj to write files outside the clone. This issue can be achieved by having file objects which contain path traversals. To exploit this, an attacker would nee...

9.3CVSS7.1AI score0.00172EPSS

Exploits0References12

Openbugbounty•added 2024/04/26 6:35 p.m.•9 views

jj-kappers.nl Improper Access Control vulnerability OBB-3922410

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Openbugbounty•added 2023/12/04 6:45 a.m.•5 views

jj-wood.com Improper Access Control vulnerability OBB-3801995

Openbugbounty•added 2023/10/31 7:9 p.m.•9 views

jj-e30.de Improper Access Control vulnerability OBB-3770547

6.9AI score

Openbugbounty•added 2022/07/31 1:6 p.m.•19 views

jjleachgroup.com.au Cross Site Scripting vulnerability OBB-2821495

Patchstack•added 2022/04/11 12:0 a.m.•14 views

WordPress Wbcom Designs – BuddyPress Search plugin <= 1.2.0 - Arbitrary Plugin Installation, Activation and Deactivation vulnerability

Arbitrary Plugin Installation, Activation and Deactivation vulnerability discovered by Mary JJ Jay in WordPress Wbcom Designs – BuddyPress Search plugin versions = 1.2.0. Solution Deactivate and delete. This plugin has been closed as of March 9, 2022 and is not available for download. This closur...

2.3AI score

Patchstack•added 2022/04/11 12:0 a.m.•5 views

WordPress Wbcom Designs – Check-ins for BuddyPress Activity plugin <= 1.9.3 - Arbitrary Plugin Installation, Activation and Deactivation vulnerability

Arbitrary Plugin Installation, Activation and Deactivation vulnerability was discovered by Mary JJ Jay in WordPress Wbcom Designs – Check-ins for BuddyPress Activity plugin versions = 1.9.3. Solution Update the WordPress Wbcom Designs – Check-ins for BuddyPress Activity plugin to the latest...

4.1AI score

Patchstack•added 2022/04/11 12:0 a.m.•8 views

WordPress Wbcom Designs – BuddyPress Group Reviews plugin <= 2.8.0 - Arbitrary Plugin Installation, Activation and Deactivation vulnerability

Arbitrary Plugin Installation, Activation and Deactivation vulnerability discovered by Mary JJ Jay in WordPress Wbcom Designs – BuddyPress Group Reviews plugin versions = 2.8.0. Solution Update the WordPress Wbcom Designs – BuddyPress Group Reviews plugin to the latest available version at least...

3.4AI score

Patchstack•added 2022/04/11 12:0 a.m.•14 views

WordPress Wbcom BuddyPress Sticky Post premium plugin <= 1.9.7 - Arbitrary Plugin Installation, Activation and Deactivation vulnerability

Arbitrary Plugin Installation, Activation and Deactivation vulnerability discovered by Mary JJ Jay in WordPress BuddyPress Sticky Post premium plugin versions = 1.9.7. Solution Update the WordPress BuddyPress Sticky Post premium plugin to the latest available version at least 1.9.9...

3.9AI score