
34 matches found

EUVD
added 2026/06/04 2:27 a.m. · 15 views

EUVD-2026-34198

ReleaseJob#unpack builds job_dir = File.join(@release_dir, 'jobs', name) and job_tgz = File.join(@release_dir, 'jobs', "#{name}.tgz") where name returns @job_meta['name'], a value taken verbatim from the jobs: array of the attacker-supplied release.MF inside the uploaded tarball. These paths are then interpolat...

8.7 CVSS · 5.9 AI score · 0.00122 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2026/06/04 2:27 a.m. · 6 views

CVE-2026-41010

ReleaseJob#unpack builds job_dir = File.join(@release_dir, 'jobs', name) and job_tgz = File.join(@release_dir, 'jobs', "#{name}.tgz") where name returns @job_meta['name'], a value taken verbatim from the jobs: array of the attacker-supplied release.MF inside the uploaded tarball. These paths are then interpolat...

8.7 CVSS · 5.9 AI score · 0.00122 EPSS
Exploits 0 · References 2

Positive Technologies
added 2026/06/04 12:0 a.m. · 14 views

PT-2026-46136

ReleaseJob#unpack builds job_dir = File.join(@release_dir, 'jobs', name) and job_tgz = File.join(@release_dir, 'jobs', "#{name}.tgz") where name returns @job_meta['name'], a value taken verbatim from the jobs: array of the attacker-supplied release.MF inside the uploaded tarball. These paths are then...

8.7 CVSS · 5.9 AI score · 0.00122 EPSS
Exploits 0 · References 2

RedhatCVE
added 2026/05/04 8:21 p.m. · 7 views

CVE-2026-7589

A vulnerability was determined in ghantakiran splunk-mcp-integration up to 0b86b09d5e5adf0433acd43c975951224613a1a6. Impacted is the function create_csv_export of the file services/csv-export-service/app/api/v1/endpoints/csv_export.py of the component CSV Export. This manipulation of the argument...

6.9 CVSS · 5.7 AI score · 0.00449 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2026/05/01 6:30 p.m. · 7 views

CVE-2026-7589

A vulnerability was determined in ghantakiran splunk-mcp-integration up to 0b86b09d5e5adf0433acd43c975951224613a1a6. Impacted is the function create_csv_export of the file services/csv-export-service/app/api/v1/endpoints/csv_export.py of the component CSV Export. This manipulation of the argument...

6.9 CVSS · 5.7 AI score · 0.00449 EPSS
Exploits 0 · References 5

Cvelist
added 2026/05/01 6:30 p.m. · 26 views

CVE-2026-7589 ghantakiran splunk-mcp-integration CSV Export csv_export.py create_csv_export path traversal

A vulnerability was determined in ghantakiran splunk-mcp-integration up to 0b86b09d5e5adf0433acd43c975951224613a1a6. Impacted is the function create_csv_export of the file services/csv-export-service/app/api/v1/endpoints/csv_export.py of the component CSV Export. This manipulation of the argument...

6.9 CVSS · 0.00449 EPSS
Exploits 0 · References 5

EUVD
added 2026/05/01 6:30 p.m. · 6 views

EUVD-2026-26706

A vulnerability was determined in ghantakiran splunk-mcp-integration up to 0b86b09d5e5adf0433acd43c975951224613a1a6. Impacted is the function create_csv_export of the file services/csv-export-service/app/api/v1/endpoints/csv_export.py of the component CSV Export. This manipulation of the argument...

6.9 CVSS · 5.7 AI score · 0.00449 EPSS
Exploits 0 · References 5

CNNVD
added 2026/05/01 12:0 a.m. · 9 views

Splunk MCP Integration Path Traversal Vulnerability

Splunk MCP Integration is a natural language interactive Splunk data analytics integration tool from the individual developer AI-Ninja. Splunk MCP Integration has a path traversal vulnerability that originates in the create_csv_export function in the file...

6.9 CVSS · 5.9 AI score · 0.00449 EPSS
Exploits 0 · References 1

Snyk
added 2026/04/30 6:17 a.m. · 8 views

Cross-site Scripting (XSS)

Overview: org.jenkins-ci.plugins:htmlpublisher is a plugin for Jenkins that publishes HTML reports. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the wrapper generation logic in HtmlPublisher. An attacker can inject arbitrary HTML attributes or markup by supplyin...

8.7 CVSS · 5.8 AI score · 0.00281 EPSS
Exploits 0 · References 3

OSV
added 2026/04/29 3:30 p.m. · 9 views

GHSA-F8H4-46XV-H7JJ Jenkins HTML Publisher Plugin has an XSS vulnerability in the legacy wrapper file

Jenkins HTML Publisher Plugin versions 427 and earlier do not escape the job name and URL in the legacy wrapper file. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. HTML Publisher Plugin 427.1 escapes job name and URL when...

8 CVSS · 5.9 AI score · 0.00281 EPSS
Exploits 0 · References 3

Cvelist
added 2026/04/29 1:31 p.m. · 32 views

CVE-2026-42524

Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

0.00281 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2026/04/29 1:31 p.m. · 5 views

CVE-2026-42524

Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

8 CVSS · 4.8 AI score · 0.00281 EPSS
Exploits 0 · References 2

EUVD
added 2026/04/29 1:31 p.m. · 6 views

EUVD-2026-26226

Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

8 CVSS · 4.8 AI score · 0.00281 EPSS
Exploits 0 · References 1

Vulnrichment
added 2026/04/29 1:31 p.m. · 5 views

CVE-2026-42524

Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

4.8 AI score · 0.00281 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2022-5303

Malicious code in bioql PyPI...

6.5 CVSS · 6.3 AI score · 0.02527 EPSS
Exploits 0 · References 8

RedhatCVE
added 2025/05/23 8:55 a.m. · 8 views

CVE-2024-29027

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulatio...

9 CVSS · 7.6 AI score · 0.01188 EPSS
Exploits 0 · References 1

CVE
added 2024/11/13 8:53 p.m. · 59 views

CVE-2024-52552

The CVE-2024-52552 issue affects the Jenkins Authorize Project Plugin (versions ≤ 1.7.2). The root cause is that the plugin evaluates a string containing the job name with JavaScript on the Authorization view, causing a stored XSS vulnerability. Exploitation requires Item/Configure permissions. T...

8 CVSS · 5.7 AI score · 0.00668 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/05/24 12:0 a.m. · 6 views

PT-2024-13753 · Unknown · Vx Search Enterprise

Name of the Vulnerable Software and Affected Versions: VX Search Enterprise version 10.2.14. Description: A vulnerability has been discovered that could allow an attacker to execute persistent XSS through the "/add job" API endpoint in the job name variable. This could allow an attacker to store...

7.1 CVSS · 6.5 AI score · 0.00254 EPSS
Exploits 0 · References 4

CNNVD
added 2024/03/19 12:0 a.m. · 6 views

Parse Server Injection Vulnerability

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. An injection vulnerability exists in Parse Server before 6.5.5, 7.0.0-alpha.29, which stems from the fact that a call to an invalid Parse Server Cloud Function name or Cloud Job name can cause...

9 CVSS · 7.2 AI score · 0.01188 EPSS
Exploits 0 · References 2

OSV
added 2024/03/06 11:5 a.m. · 16 views

BIT-JENKINS-2020-2222

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability...

5.4 CVSS · 5.3 AI score · 0.01126 EPSS
Exploits 0 · References 3