Lucene search
K

40 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-2552

Malicious code in bioql PyPI...

7.1CVSS6.4AI score0.00783EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-0193

Malicious code in bioql PyPI...

7.1CVSS6.8AI score0.00224EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-1764

Malicious code in bioql PyPI...

5.4CVSS6.3AI score0.00617EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 10:59 p.m.8 views

CVE-2022-34195

Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape the name and description of Maven Repository Artifact parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.4AI score0.00759EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/06 2:31 a.m.9 views

CVE-2025-24355

Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a maven source configured with basic...

7.1CVSS6.7AI score0.00224EPSS
Exploits0References1
OSV
OSV
added 2025/01/24 4:48 p.m.10 views

CVE-2025-24355 Updatecli may expose Maven credentials in console output

Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a maven source configured with basic...

7.1CVSS7AI score0.00224EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/01/24 12:0 a.m.4 views

Updatecli 安全漏洞

Updatecli is a declarative dependency management tool from the Updatecli open source. A security vulnerability exists in Updatecli versions prior to 0.93.0, which stems from the fact that private Maven repository credentials may be leaked to application logs if a retrieval operation fails...

7.1CVSS6.7AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/19 5:37 p.m.15 views

CVE-2024-36115 Stored Cross site scripting in Reposilite artifacts

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. As a Maven repository manager, Reposilite provides the ability to view the artifacts content in the browser, as well as perform administrative tasks via API. The problem lies i...

7.1CVSS7.1AI score0.00783EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/05/07 12:0 a.m.7 views

PT-2024-25461 · Unknown · Mvnrepository Ms Basic +1

Name of the Vulnerable Software and Affected Versions: MvnRepository MS Basic versions 2.1.18.3 and earlier Maven net.mingsoft MS Basic versions 2.1.13.4 and earlier Description: The issue is related to a cross-site scripting XSS vulnerability in the search function. This type of vulnerability...

4.1CVSS6.1AI score0.0036EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2023/06/21 7:20 a.m.24 views

CVE-2023-35144

A flaw was found in the Jenkins Maven Repository Server Plugin, where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote, authenticated attacker could exploit this vulnerability to inject malicious script into a web page, which would be...

8CVSS6.3AI score0.00617EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/06/16 12:0 a.m.49 views

Jenkins plugins Multiple Vulnerabilities (2023-06-14)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default. CVE-2023-3514...

8.1CVSS6.2AI score0.0083EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2023/06/14 3:30 p.m.23 views

Stored XSS vulnerability in Jenkins Maven Repository Server Plugin

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting XSS vulnerability...

5.4CVSS5.6AI score0.00617EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2023/06/14 1:15 p.m.19 views

CVE-2023-35144

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting XSS vulnerability...

5.4CVSS5.2AI score0.00617EPSS
Exploits0References2
OSV
OSV
added 2023/06/14 1:15 p.m.5 views

CVE-2023-35144

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting XSS vulnerability...

5.4CVSS5.7AI score0.00617EPSS
Exploits0References2
OSV
OSV
added 2023/06/14 1:15 p.m.2 views

CVE-2023-35143

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control maven project versions in pom.xml...

5.4CVSS5.7AI score0.00617EPSS
Exploits0References2
NVD
NVD
added 2023/06/14 1:15 p.m.25 views

CVE-2023-35143

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control maven project versions in pom.xml...

5.4CVSS5.3AI score0.00617EPSS
Exploits0References2
Prion
Prion
added 2023/06/14 1:15 p.m.22 views

Cross site scripting

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control maven project versions in pom.xml...

4.9CVSS5.2AI score0.00617EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/06/14 12:53 p.m.22 views

CVE-2023-35144

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting XSS vulnerability...

5.8AI score0.00617EPSS
Exploits0References2
CVE
CVE
added 2023/06/14 12:53 p.m.57 views

CVE-2023-35144

CVE-2023-35144 affects the Jenkins Maven Repository Server Plugin, versions 1.10 and earlier. The vulnerability arises from improper escaping of project and build display names on the Build Artifacts As Maven Repository page, enabling a stored XSS attack. Impact: attacker-controlled input could e...

5.4CVSS5.2AI score0.00617EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/14 12:53 p.m.5 views

CVE-2023-35144

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting XSS vulnerability...

5.5AI score0.00617EPSS
Exploits0References2
Rows per page
Query Builder