Lucene search
57 matches found

Source: Cvelist (added 2026/06/24 1:20 p.m., 31 views)

CVE-2026-57301

Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller...

EPSS: 0.0042
Exploits: 0, References: 1
Source: GithubExploit (added 2026/03/25 3:08 p.m., 139 views)

web-app-security-owasp-zap

🔐 Web Application Security Testing with OWASP ZAP Author:...

AI score: 5.9
Exploits: 0
Source: EUVD (added 2025/10/03 8:07 p.m., 6 views)

EUVD-2022-3026

Malicious code in bioql PyPI...

CVSS: 8.8, AI score: 8.4, EPSS: 0.01365
Exploits: 0, References: 5
Source: RedhatCVE (added 2025/05/22 4:47 a.m., 7 views)

CVE-2019-1003060

Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

CVSS: 8.8, AI score: 6.7, EPSS: 0.01365
Exploits: 0, References: 1
Source: OSV (added 2024/06/25 12:54 p.m., 4 views)

MAL-2024-2816 Malicious code in owasp-zap-extension (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7.1
Exploits: 0
Source: Packet Storm (added 2023/03/30 12:00 a.m., 324 views)

Human Resource Management System 1.0 SQL Injection

Exploit Title: Human Resource Management System - SQL Injection unauthenticated Date: 08-11-2022 Exploit Author: Matthijs van der Vaart eMVee Vendor Homepage: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Software Link:...

AI score: 6.8
Exploits: 0
Source: 0day.today (added 2023/03/29 12:00 a.m., 342 views)

Human Resource Management System 1.0 - SQL Injection Vulnerability

Exploit Title: Human Resource Management System - SQL Injection unauthenticated Exploit Author: Matthijs van der Vaart eMVee Vendor Homepage: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Software Link:...

AI score: 7.4
Exploits: 0
Source: Kitploit (added 2022/10/18 11:30 a.m., 71 views)

xnLinkFinder - A Python Tool Used To Discover Endpoints (And Potential Parameters) For A Given Target

About - v2.0 This is a tool used to discover endpoints and potential parameters for a given target. It can find them by: crawling a target pass a domain/URL crawling multiple targets pass a file of domains/URLs searching files in a given directory pass a directory name get them from a Burp projec...

AI score: 7.2
Exploits: 0, References: 6
Source: Huntr (added 2022/09/10 8:51 p.m., 25 views)

Mass Assignment in Self Controller Leads To Vertical Privilege Escalation

Description Hello there, y'all! How are you doing? Hope you are doing great! I was testing Budibase and noticed that the api endpoint /api/global/self, which is used for different purposes such as updating a user's name or their password, always receives an entire object containing most of the attribute...

CVSS: 3.5, EPSS: 0.00711
Exploits: 1
Source: Huntr (added 2022/08/29 9:45 p.m., 24 views)

No rate limit via proxy url parameter

Description Hi Drawio Team, your proxy server has no limit on requests, which an attacker can use as a PORT SCANNER. https://app.diagrams.net/proxy?url=IP:PORT&base64=1 Proof of Concept Image from my OWASP ZAP: https://ibb.co/h87hz3N...

CVSS: 5, AI score: 0.7, EPSS: 0.00978
Exploits: 1, References: 1
Source: Kitploit (added 2022/08/27 12:30 p.m., 177 views)

Rekono - Execute Full Pentesting Processes Combining Multiple Hacking Tools Automatically

Rekono combines other hacking tools and its results to execute complete pentesting processes against a target in an automated way. The findings obtained during the executions will be sent to the user via email or Telegram notifications and also can be imported in Defect-Dojo if an advanced...

AI score: 7.3
Exploits: 0, References: 23
Source: The Hacker News (added 2022/08/20 4:30 p.m., 34 views)

Become a Cybersecurity Expert with 18 New Online Courses @ 98% OFF

With more data stored in the cloud than ever before, now is a good time to get into cybersecurity. Many top corporations are looking for new talent, and even junior professionals can earn $80,000 or more. The only barrier to entry is education. How do you learn about security protocols and white...

AI score: 0.6
Exploits: 0
Source: Huntr (added 2022/07/23 4:29 p.m., 23 views)

No Protection against Bruteforce attacks on Login page

Description Wger Workout Manager does not limit unsuccessful login attempts allowing Brute Forcing. Proof of Concept Steps to Reproduce: 1. Register a new user 2. Logout 3. Send a login request with an incorrect password 4. Capture the login request 5. Replay the login request with a different...

CVSS: 7.5, AI score: 8.8, EPSS: 0.00661
Exploits: 1, References: 1
Source: OSV (added 2022/05/13 1:17 a.m., 10 views)

GHSA-7JX8-244G-JFPX Jenkins OWASP ZAP Plugin stores unencrypted credentials

Jenkins Official OWASP ZAP Plugin stores Jira credentials unencrypted in its global configuration file org.jenkinsci.plugins.zap.ZAPBuilder.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...

CVSS: 3.3, AI score: 8.7, EPSS: 0.01365
Exploits: 0, References: 5
Source: Github Security Blog (added 2022/05/13 1:17 a.m., 16 views)

Jenkins OWASP ZAP Plugin stores unencrypted credentials

Jenkins Official OWASP ZAP Plugin stores Jira credentials unencrypted in its global configuration file org.jenkinsci.plugins.zap.ZAPBuilder.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...

CVSS: 8.8, AI score: 6.8, EPSS: 0.01365
Exploits: 0, References: 5, Affected software: 1
Source: OSV (added 2022/03/25 12:00 a.m., 25 views)

GHSA-J7XG-5549-JR3J Improper Certificate Validation in OWASP ZAP

OWASP Zed Attack Proxy ZAP through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server...

CVSS: 4, AI score: 4.2, EPSS: 0.00654
Exploits: 0, References: 5
Source: Github Security Blog (added 2022/03/25 12:00 a.m., 29 views)

Improper Certificate Validation in OWASP ZAP

OWASP Zed Attack Proxy ZAP through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server...

CVSS: 4.3, AI score: 1.4, EPSS: 0.00654
Exploits: 0, References: 6, Affected software: 1
Source: Prion (added 2022/03/24 4:15 a.m., 20 views)

Design/Logic Flaw

OWASP Zed Attack Proxy ZAP through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server...

CVSS: 4.3, AI score: 4.4, EPSS: 0.00654
Exploits: 0, References: 4, Affected software: 1
Source: The Hacker News (added 2022/03/01 2:12 p.m., 74 views)

Break into Ethical Hacking with 18 Advanced Online Courses for Just $42.99

It is predicted that 3.5 million jobs will be unfilled in the field of cybersecurity by the end of this year. Several of these jobs pay very well, and in most cases, you don't even need a college degree to get hired. The most important thing is to have the skills and certifications. The All-In-On...

AI score: 7.3
Exploits: 0
Source: Kitploit (added 2021/12/13 11:30 a.m., 17 views)

FiddleZAP - A Simplified Version Of EKFiddle For OWASP ZAP

FiddleZAP is a simplified version of EKFiddle for OWASP ZAP. With ZAP as your web proxy, you are able to flag malicious traffic based on predefined regular expressions. Example: Alert, highlighting and tagging when a regex matches on a string within the HTML source code of a compromised website...

AI score: 7.3
Exploits: 0, References: 2