EUVD-2022-6270

Malicious code in bioql PyPI...

CVE-2023-34029

Cross-Site Request Forgery CSRF vulnerability in Prem Tiwari Disable WordPress Update Notifications and auto-update Email Notifications plugin = 2.3.3 versions...

CVE-2021-24588

The SMS Alert Order Notifications WordPress plugin before 3.4.7 is affected by a cross site scripting XSS vulnerability in the plugin's setting page...

PT-2025-15051 · WordPress · Email Notifications For Updates

Name of the Vulnerable Software and Affected Versions: Email Notifications for Updates plugin for WordPress versions up to, and including, 1.1.6 Description: The issue allows unauthorized modification of data, potentially leading to privilege escalation, due to a missing capability check on the...

WordPress Advanced Notifications plugin <= 1.2.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika in WordPress Plugin Advanced Notifications versions = 1.2.7...

WordPress UPDATE NOTIFICATIONS plugin <= 0.3.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

CSRF to Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin UPDATE NOTIFICATIONS versions = 0.3.4...

CVE-2024-1955

CVE-2024-1955 affects the WordPress plugin Hide Dashboard Notifications (up to v1.3). Root cause: missing capability check in the warning_notices_settings function, enabling authenticated attackers with contributor+ rights to modify the plugin’s settings. Impact: unauthorized modification of data...

CVE-2023-34029

Cross-Site Request Forgery CSRF vulnerability in Prem Tiwari Disable WordPress Update Notifications and auto-update Email Notifications plugin = 2.3.3 versions...

Design/Logic Flaw

OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin starting in 2.0.0 and prior to 2.2.1 could allow an existing...

CVE-2022-41906

OpenSearch Notifications Plugin contains a Server-Side Request Forgery (SSRF) flaw affecting OpenSearch Notifications versions 2.0.0 through 2.2.0. The issue could allow a privileged user to enumerate listening services or access resources beyond the plugin’s intended scope via HTTP requests. The...

PT-2022-26137 · Opensearch · Opensearch Notifications Plugin

Name of the Vulnerable Software and Affected Versions: OpenSearch Notifications Plugin versions 2.0.0 through 2.2.0 Description: A potential Server-Side Request Forgery SSRF issue in the OpenSearch Notifications Plugin could allow an existing privileged user to enumerate listening services or...

Jenkins Build Notifications Plugin信息泄露漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.An information disclosure vulnerability...

GHSA-V3R8-6VFJ-PPPF Plaintext Storage of a Password in Jenkins Build Notifications Plugin

Build Notifications Plugin 1.5.0 and earlier stores multiple tokens unencrypted in its global configuration files on the Jenkins controller as part of its configuration:- Pushover Application Token in tools.devnull.jenkins.plugins.buildnotifications.PushoverNotifier.xml\n- Slack Bot Token in...

Plaintext Storage of a Password in Jenkins Build Notifications Plugin

Build Notifications Plugin 1.5.0 and earlier stores multiple tokens unencrypted in its global configuration files on the Jenkins controller as part of its configuration:- Pushover Application Token in tools.devnull.jenkins.plugins.buildnotifications.PushoverNotifier.xml\n- Slack Bot Token in...

CVE-2022-34800

Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

CVE-2022-34801

Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...

CVE-2022-34801

Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...

CVE-2022-34801

Jenkins Build Notifications Plugin 1.5.0 and earlier is affected by CVE-2022-34801, where tokens are transmitted in plain text as part of the global Jenkins configuration form, potentially exposing them. Root cause: sensitive tokens stored/transmitted in plain text within Jenkins configuration. A...

CVE-2022-34800

The CVE-2022-34800 entry corresponds to Jenkins Build Notifications Plugin 1.5.0 and earlier, where tokens are stored unencrypted in the Jenkins controller’s global configuration files. Affected files include the plugin’s global configuration artifacts (e.g., PushoverNotifier.xml, SlackNotifier.x...

PT-2022-22352 · Jenkins · Jenkins Build Notifications Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Build Notifications Plugin versions 1.5.0 and earlier Description: The issue allows users with access to the Jenkins controller file system to view tokens stored unencrypted in the plugin's global configuration files. Specifically,...