Lucene search

13 matches found

CVE
added 2026/04/27 7:53 a.m. · 27 views

CVE-2026-40048

CVE-2026-40048 – Apache Camel PQC deserialization flaw: The Camel-PQC FileBasedKeyLifecycleManager deserializes the contents of .key files in the configured key directory via java.io.ObjectInputStream without ObjectInputFilter or class-loading restrictions. The vulnerable step is that the cast t...

CVSS 7.8 · AI score 6.3 · EPSS 0.00342
Exploits 0 · References 5 · Affected Software 1
Debian
added 2025/02/11 5:21 p.m. · 18 views

[SECURITY] [DLA 4050-1] bind9 security update

Debian LTS Advisory DLA-4050-1 https://www.debian.org/lts/security/ Paride Legovini February 11, 2025 https://wiki.debian.org/LTS -...

CVSS 7.5 · AI score 7.4 · EPSS 0.14614
Exploits 0
OSV
added 2022/10/19 7:0 p.m. · 24 views

GHSA-XP3R-9WX8-Q2MM Agent-to-controller security bypass vulnerabilities in Jenkins Compuware Topaz for Total Test Plugin

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. These...

CVSS 7.5 · AI score 5.8 · EPSS 0.00647
Exploits 0 · References 5
Github Security Blog
added 2022/10/19 7:0 p.m. · 31 views

Agent-to-controller security bypass vulnerabilities in Jenkins Compuware Topaz for Total Test Plugin

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. These...

CVSS 5.3 · AI score 6 · EPSS 0.00647
Exploits 0 · References 5 · Affected Software 1
Github Security Blog
added 2022/10/19 7:0 p.m. · 26 views

Agent-to-controller security bypass vulnerability in Jenkins Compuware Topaz Utilities Plugin

Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed. It allows attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. This vulnerability is onl...

CVSS 5.3 · AI score 5.8 · EPSS 0.00666
Exploits 0 · References 5 · Affected Software 1
OSV
added 2022/09/22 12:0 a.m. · 23 views

GHSA-Q9G4-9FX4-V533 Stored XSS vulnerability in Jenkins DotCi Plugin

DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted commit notifications to the...

CVSS 8.8 · AI score 5.4 · EPSS 0.00587
Exploits 0 · References 5
Github Security Blog
added 2022/09/22 12:0 a.m. · 25 views

Jenkins WildFly Deployer Plugin vulnerable to path traversal

Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. This vulnerability is only exploitable in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. See the LTS upgrade guide...

CVSS 5.3 · AI score 6.4 · EPSS 0.00578
Exploits 0 · References 3 · Affected Software 1
Github Security Blog
added 2022/07/28 12:0 a.m. · 39 views

Agent-to-controller security bypass in Jenkins BMC Compuware ISPW Operations plugin

BMC Compuware ISPW Operations Plugin defines a controller/agent message that retrieves Java system properties. BMC Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of the controller/agent message to agents. This allows attackers able to control agent processes to...

CVSS 8.2 · AI score 7.9 · EPSS 0.0085
Exploits 0 · References 4 · Affected Software 1
Github Security Blog
added 2022/05/24 7:16 p.m. · 26 views

Stored XSS vulnerability in Jenkins Git Plugin

Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted commit notifications to th...

CVSS 6.1 · AI score 5.8 · EPSS 0.01197
Exploits 0 · References 5 · Affected Software 1
Github Security Blog
added 2022/03/16 12:0 a.m. · 28 views

Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin

Jenkins Semantic Versioning Plugin defines a controller/agent message that processes a given file as XML and returns version information. The XML parser is not configured to prevent XML external entity (XXE) attacks, which is only a problem if XML documents are parsed on the Jenkins controller...

CVSS 6.5 · AI score 3.4 · EPSS 0.01314
Exploits 0 · References 4 · Affected Software 1
OSV
added 2022/02/16 12:1 a.m. · 21 views

GHSA-2587-W93G-63M2 Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin allows reading arbitrary files

Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. This allows attackers able to control agent processes to read arbitrary files on the Jenkins controller file system. Thi...

CVSS 5.3 · AI score 6.6 · EPSS 0.00796
Exploits 0 · References 5
Github Security Blog
added 2022/02/16 12:1 a.m. · 26 views

Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin allows reading arbitrary files

Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. This allows attackers able to control agent processes to read arbitrary files on the Jenkins controller file system. Thi...

CVSS 6.5 · AI score 1.3 · EPSS 0.00796
Exploits 0 · References 5 · Affected Software 1
Positive Technologies
added 2020/01/29 12:0 a.m. · 3 views

PT-2020-15312 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.218 and earlier; Jenkins LTS versions 2.204.1 and earlier. Description: The issue allows for clickjacking attacks due to the absence of the X-Frame-Options: deny HTTP header in REST API responses. An attacker could exploit th...

CVSS 5.4 · AI score 6 · EPSS 0.0185
Exploits 0 · References 14