78 matches found

Github Security Blog
added 2026/04/29 3:30 p.m. · 6 views

Jenkins Script Security Plugin: Missing permission checks allow enumeration of pending and approved classpaths

Jenkins Script Security Plugin versions 1399.ve6a66547f6e1 and earlier do not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths. Script Security Plugin 1402.v94c9ce464861 requires...

CVSS 4.3 · AI score 5.8 · EPSS 0.00126
Exploits 0 · References 3 · Affected Software 1
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-4224

Malicious code in bioql PyPI...

CVSS 4.8 · AI score 5 · EPSS 0.00416
Exploits 0 · References 6
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-2884

Malicious code in bioql PyPI...

CVSS 4.8 · AI score 5.2 · EPSS 0.00242
Exploits 0 · References 5
RedhatCVE
added 2025/05/22 3:18 p.m. · 4 views

CVE-2020-2137

Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML formatting of its output, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission...

CVSS 4.8 · AI score 5.6 · EPSS 0.00242
Exploits 0
Github Security Blog
added 2023/11/29 3:30 p.m. · 25 views

Jenkins NeuVector Vulnerability Scanner Plugin Cross-Site Request Forgery vulnerability

Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...

CVSS 8.8 · AI score 7 · EPSS 0.00074
Exploits 0 · References 4 · Affected Software 1
Github Security Blog
added 2023/09/20 6:30 p.m. · 29 views

Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability

Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. Additionally, th...

CVSS 8.8 · AI score 6.6 · EPSS 0.00063
Exploits 0 · References 4 · Affected Software 1
Github Security Blog
added 2023/09/20 6:30 p.m. · 28 views

Jenkins Build Failure Analyzer Plugin missing permission check

Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. Additionally, th...

CVSS 6.5 · AI score 6.6 · EPSS 0.00049
Exploits 0 · References 5 · Affected Software 1
Github Security Blog
added 2023/07/12 6:30 p.m. · 20 views

Jenkins SAML Single Sign On(SSO) Plugin missing permission check

Jenkins SAML Single Sign On(SSO) Plugin 2.3.0 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to download a string representation of the current security realm (Java Object#toString()), which potentially includes sensitive...

CVSS 4.3 · AI score 6.5 · EPSS 0.00173
Exploits 0 · References 4 · Affected Software 1
NVD
added 2022/11/15 8:15 p.m. · 19 views

CVE-2022-45383

An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fabd860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission...

CVSS 6.5 · EPSS 0.00752
Exploits 0 · References 2
Github Security Blog
added 2022/09/22 12:0 a.m. · 29 views

Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-Site Request Forgery

A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. Version 4.8.0.130 requires POST requests and Overall/Administer...

CVSS 8.8 · AI score 8.2 · EPSS 0.00079
Exploits 0 · References 3 · Affected Software 1
Github Security Blog
added 2022/09/22 12:0 a.m. · 28 views

Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Missing Authorization

A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials. Version 4.8.0.130 requires POST requests and...

CVSS 8.8 · AI score 8.2 · EPSS 0.00288
Exploits 0 · References 3 · Affected Software 1
OSV
added 2022/09/22 12:0 a.m. · 26 views

GHSA-JJCH-7G85-4M72 Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-Site Request Forgery

A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. Version 4.8.0.130 requires POST requests and Overall/Administer...

CVSS 4.3 · AI score 8.6 · EPSS 0.00079
Exploits 0 · References 3
Positive Technologies
added 2022/09/21 12:0 a.m. · 2 views

PT-2022-25742 · Jenkins · Jenkins Ns-Nd Integration Performance Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins NS-ND Integration Performance Publisher Plugin versions 4.8.0.129 and earlier
Description: A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified webserver using attacker-specified...

CVSS 8.8 · AI score 8.6 · EPSS 0.00079
Exploits 0 · References 7
OSV
added 2022/07/01 12:1 a.m. · 21 views

GHSA-2588-CX6W-6VM6 Missing permission checks in Jenkins XebiaLabs XL Release Plugin allow capturing credentials

Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 5.4 · AI score 6.5 · EPSS 0.00301
Exploits 0 · References 3
Github Security Blog
added 2022/07/01 12:1 a.m. · 29 views

Incorrect Authorization in Jenkins requests-plugin

An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests. requests-plugin Plugin 2.2.17 requires Overall/Administer permission to view the list of pending requests. This is basically the...

CVSS 4.3 · AI score 4.7 · EPSS 0.00335
Exploits 0 · References 3 · Affected Software 1
Github Security Blog
added 2022/05/24 7:6 p.m. · 16 views

Missing permission check in Jenkins requests-plugin Plugin allows viewing pending requests

Jenkins requests-plugin Plugin 2.2.6 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to view the list of pending requests. Jenkins requests-plugin Plugin 2.2.7 requires Overall/Administer permission to view the list of pendin...

CVSS 4.3 · AI score 4.8 · EPSS 0.00125
Exploits 0 · References 5 · Affected Software 1
Github Security Blog
added 2022/05/24 7:6 p.m. · 17 views

Missing permission check in Jenkins requests-plugin Plugin allows sending emails

Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to send test emails to an attacker-specified email address. Jenkins requests-plugin Plugin 2.2.8 requires Overall/Administer permission to...

CVSS 4.3 · AI score 4.5 · EPSS 0.00031
Exploits 0 · References 5 · Affected Software 1
OSV
added 2022/05/24 7:6 p.m. · 14 views

GHSA-W3GM-VV58-WR55 Missing permission check in Jenkins requests-plugin Plugin allows sending emails

Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to send test emails to an attacker-specified email address. Jenkins requests-plugin Plugin 2.2.8 requires Overall/Administer permission to...

CVSS 4.3 · AI score 4.4 · EPSS 0.00031
Exploits 0 · References 5
Github Security Blog
added 2022/05/24 7:4 p.m. · 27 views

CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin allows capturing credentials

A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins...

CVSS 8.8 · AI score 7.4 · EPSS 0.00074
Exploits 0 · References 4 · Affected Software 1
OSV
added 2022/05/24 5:48 p.m. · 2 views

GHSA-3M3F-2323-64M7 Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs

Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints. This allows attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins. Those can be used as part of an...

CVSS 6.5 · AI score 5.8 · EPSS 0.00832
Exploits 0 · References 5