
9813 matches found

Prion
added 2022/02/15 5:15 p.m. | 13 views

Design/Logic Flaw

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted...

CVSS 6.5 | AI score 8.5 | EPSS 0.01422
Exploits 0 | References 2

Cvelist
added 2022/02/15 4:10 p.m. | 27 views

CVE-2022-25174

Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents...

AI score 8.9 | EPSS 0.01421
Exploits 0 | References 1

CVE
added 2022/02/15 4:10 p.m. | 194 views

CVE-2022-25174

CVE-2022-25174 affects Jenkins Pipeline: Shared Groovy Libraries Plugin (and related Pipeline plugins) where distinct SCMs shared checkout directories, enabling an attacker with Item/Configure permission to invoke arbitrary OS commands on the controller via crafted SCM contents. Public sources wi...

CVSS 8.8 | AI score 8.5 | EPSS 0.01421
Exploits 0 | References 1 | Affected Software 1

Huntr
added 2022/02/15 11:36 a.m. | 21 views

OS Command Injection in part-db/part-db

Description: OS command injection (also known as shell injection) is a web security vulnerability that allows an attacker to execute arbitrary operating system (OS) commands on the server that is running an application, and typically fully compromise the application and all its data. Very often, an...

CVSS 10 | AI score 1 | EPSS 0.35436
Exploits 5

CNNVD
added 2022/02/15 12:0 a.m. | 3 views

Jenkins Pipeline OS Command Injection Vulnerability

Jenkins Pipeline is a set of plug-ins that support the implementation and integration of continuous delivery pipelines into Jenkins. Jenkins Pipeline has a security vulnerability that can be exploited by an attacker to invoke arbitrary OS commands on the controller by crafting SCM content...

CVSS 8.8 | AI score 8 | EPSS 0.01421
Exploits 0 | References 18

CNNVD
added 2022/02/15 12:0 a.m. | 3 views

Jenkins Pipeline OS Command Injection Vulnerability

Jenkins Pipeline is a set of plug-ins that support the implementation and integration of continuous delivery pipelines into Jenkins. Jenkins Pipeline has a security vulnerability that can be exploited by an attacker to invoke arbitrary OS commands on the controller by crafting SCM content...

CVSS 8.8 | AI score 8 | EPSS 0.01422
Exploits 0 | References 19

CVE
added 2022/02/15 12:0 a.m. | 217 views

CVE-2022-25175

CVE-2022-25175 affects Jenkins Pipeline: Multibranch Plugin (up to 706.vd43c65dec013 and older) where readTrusted uses the same checkout directories for distinct SCMs. This enables attackers with Item/Configure permission to invoke arbitrary OS commands on the controller via crafted SCM contents....

CVSS 8.8 | AI score 8.5 | EPSS 0.01382
Exploits 0 | References 1 | Affected Software 1

Positive Technologies
added 2022/02/15 12:0 a.m. | 3 views

PT-2022-17112 · Jenkins · Jenkins Pipeline: Groovy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Groovy Plugin versions 2648.va9433432b33c and earlier; Jenkins Pipeline: Groovy Plugin prior to 2656.vf7a e7b 75a 457; Jenkins Pipeline: Groovy Plugin version 2.94.1; Jenkins Pipeline: Groovy Plugin version 2.92.1. Description:...

CVSS 8.8 | AI score 8.6 | EPSS 0.01422
Exploits 0 | References 6

AlpineLinux
added 2022/02/15 12:0 a.m. | 63 views

CVE-2022-25175

Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses the same checkout directories for distinct SCMs for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents...

CVSS 8.8 | AI score 4.3 | EPSS 0.01382
Exploits 0 | References 1

NVD
added 2022/02/11 9:15 a.m. | 11 views

CVE-2022-0557

OS Command Injection in Packagist microweber/microweber prior to 1.2.11...

CVSS 9 | EPSS 0.51193
Exploits 4 | References 4

ATTACKERKB
added 2022/02/11 9:15 a.m. | 3 views

CVE-2022-0557

OS Command Injection in Packagist microweber/microweber prior to 1.2.11...

CVSS 9 | AI score 7.2 | EPSS 0.51193
Exploits 4 | References 5

Cvelist
added 2022/02/11 8:45 a.m. | 31 views

CVE-2022-0557 OS Command Injection in microweber/microweber

OS Command Injection in Packagist microweber/microweber prior to 1.2.11...

CVSS 8.1 | AI score 7.4 | EPSS 0.51193
Exploits 4 | References 4

CVE
added 2022/02/11 8:45 a.m. | 143 views

CVE-2022-0557

CVE-2022-0557 describes an OS Command Injection in the Packagist Microweber/Microweber package prior to version 1.2.11. Public advisories and exploits indicate an authenticated remote code execution path via uploaded content or crafted inputs that bypass input validation, enabling an attacker to ...

CVSS 9 | AI score 7.2 | EPSS 0.51193
Exploits 4 | References 4 | Affected Software 1

OSV
added 2022/02/11 8:45 a.m. | 16 views

CVE-2022-0557 OS Command Injection in microweber/microweber

OS Command Injection in Packagist microweber/microweber prior to 1.2.11...

CVSS 8.1 | AI score 7.5 | EPSS 0.51193
Exploits 4 | References 6

GitHub Security Blog
added 2022/02/10 11:48 p.m. | 32 views

OS Command Injection in install-package

install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...

CVSS 9.8 | AI score 9.3 | EPSS 0.04118
Exploits 1 | References 4 | Affected Software 1

OSV
added 2022/02/10 11:47 p.m. | 1 views

GHSA-H9V8-RM3M-5H5F OS Command Injection in git-add-remote

git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument...

CVSS 9.8 | AI score 6.2 | EPSS 0.04118
Exploits 1 | References 3

GitHub Security Blog
added 2022/02/10 11:45 p.m. | 44 views

Withdrawn Advisory: OS Command Injection in effect

Withdrawn Advisory: This advisory has been withdrawn because the npm package effect, for which alerts were issued, does not correspond with https://github.com/Javascipt/effect, the repository with the vulnerable code. https://github.com/Javascipt/effect is not in any supported ecosystem...

CVSS 9.8 | AI score 9.9 | EPSS 0.04118
Exploits 1 | References 4 | Affected Software 1

OSV
added 2022/02/10 11:42 p.m. | 13 views

GHSA-PF8J-VHG8-XMC3 karma-mojo enables OS Command Injection

karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config argument...

CVSS 9.8 | AI score 9.8 | EPSS 0.04232
Exploits 1 | References 3

OSV
added 2022/02/10 11:37 p.m. | 1 views

GHSA-C5HM-XC74-PQRG OS Command Injection in jscover

jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary command via the source argument...

CVSS 9.8 | AI score 6.2 | EPSS 0.035
Exploits 0 | References 3

GitHub Security Blog
added 2022/02/10 8:20 p.m. | 50 views

OS Command Injection and Command Injection in kill-port-process

The kill-port-process package prior to version 2.2.0 is vulnerable to a Command Injection...

CVSS 10 | AI score 8.4 | EPSS 0.03905
Exploits 1 | References 3 | Affected Software 1