CVE-2018-25327 Joomla! Component Js Jobs 1.2.0 Cross-Site Request Forgery
Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTML forms targeting administrative endpoints like job.jobenforcedelete to delete job entries or modi...
PT-2025-47029
Name of the Vulnerable Software and Affected Versions: Brightpick (affected versions not specified). Description: The Brightpick Internal Logic Control web interface is accessible without user authentication. This allows an unauthorized user to manipulate robot control functions. These...
SUSE CVE-2025-59345
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the /api/v1/jobs and /preheats endpoints in the Manager web UI are accessible without authentication. Any user with network access to the Manager can create, delete, and modify jobs, and create...
podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile
A vulnerability was found in podman build and buildah. This issue allows a container breakout by using --jobs=2 together with a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the hos...
CVE-2024-40717
CVE-2024-40717 affects Veeam Backup & Replication (12.x prior to 12.3.0.310). A low-privileged user with certain roles can update an existing job and configure pre/post scripts (potentially on a network share) that run with elevated privileges, enabling remote code execution by scheduling near-im...
Jenkins GitBucket Plugin vulnerable to stored Cross-site Scripting
Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs...
CVE-2024-28160
Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs...
CVE-2024-28157
Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs...
Cross-site request forgery vulnerability in Jenkins Deployment Dashboard Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs...
CVE-2023-40349
Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs...
Information Disclosure
gitlab is vulnerable to Information Disclosure. An improper authorization issue allows Guest project members to access the trace log of jobs when it is enabled, resulting in disclosure of sensitive information...
GHSA-62V2-XWH3-5GVX Jenkins Template Workflows Plugin vulnerable to Stored Cross-site Scripting
Jenkins Template Workflows Plugin 41.v32d86a313b4a and earlier does not escape names of jobs used as building blocks for Template Workflow Job. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create jobs...
GHSA-PJ76-75CM-3552 Concrete CMS (previously concrete5) is vulnerable to possible auth bypass in the jobs section
Concrete CMS (previously concrete5) before 9.2 is vulnerable to possible auth bypass in the jobs section...
Information Disclosure
jenkins-2-plugins is vulnerable to Information Disclosure. The plugin's webhook endpoint provides information about which jobs were triggered or scheduled for polling, including jobs the user has no permission to access, resulting in disclosure of sensitive information...
Veeam PowerShell cmdlets to help Automate Backup Copy Backup Format Upgrade
This article provides information about using Veeam PowerShell to automate the procedure of upgrading Legacy Periodic Backup Copy jobs to use the new True Per-Machine backup format. These PowerShell commands can be used to simplify the Backup Chain Format upgrade process...
CSRF Vulnerability with Rails < 5.2
Clockwork Web is vulnerable to cross-site request forgery (CSRF) with Rails < 5.2. A CSRF attack works by getting an authorized user to visit a malicious website, which then performs requests on behalf of the user. In this instance, actions include enabling and disabling jobs...
Syncovery For Linux Web-GUI Authenticated Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'json' class MetasploitModule 'Syncovery For Linux Web-GUI Authenticated Remote Command Execution', 'Description' = %q This module exploits an authenticated...
Update 19.14 for Microsoft Dynamics 365 Business Central (on-premises) 2021 Release Wave 2 (Application Build 19.14.49970, Platform Build 19.0.49925)
Update 19.14 for Microsoft Dynamics 365 Business Central (on-premises) 2021 Release Wave 2 (Application Build 19.14.49970, Platform Build 19.0.49925). Important: The packages of the update 19.14 are no longer available. You can download update 19.15 instead. Overview: This update replaces previously...
An attacker can lock operator out of the pod by setting gas limit that's higher than the block gas limit of dest chain
Lines of code. Vulnerability details: When a beaming job is executed, there is a requirement that the gas left be at least the gasLimit set by the user. Given that there is no limit on the gasLimit the user can set, a user can set the gasLimit to an amount higher than the block gas limit...