CVE-2026-6902 Code Injection in Perforce P4 (Helix Core)

A Remote Code Execution vulnerability in P4 Helix Core Server's Command-Line Client, prior to the 2025.2 Patch 2, has been fixed to address potential security risks...

PT-2026-41662

Name of the Vulnerable Software and Affected Versions P4 Server versions prior to 2025.2 Patch 2 Description A security issue exists in the Command-Line Client of P4 Server that could lead to potential security risks. Recommendations Update to P4 Server version 2025.2 Patch 2 or later...

CVE-2010-0934

The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script...

CVE-2010-0932

The FTP server in Perforce Server 2008.1 allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a certain MKD command...

CVE-2010-0933

Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to create arbitrary files via a .. dot dot in the argument to the "p4 add" command...

CVE-2010-0935

Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command...

EUVD-2021-1334

Malware in sbrugna...

EUVD-2008-1309

Malware in sbrugna...

EUVD-2010-0959

Malware in sbrugna...

EUVD-2010-0955

Malware in sbrugna...

EUVD-2010-0960

Malware in sbrugna...

EUVD-2010-0958

Malware in sbrugna...

EUVD-2010-0954

Malware in sbrugna...

CVE-2021-21655

A cross-site request forgery CSRF vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password...

CVE-2010-0929

The Perforce service p4s.exe in Perforce Server 2008.1 allows remote attackers to cause a denial of service daemon crash via crafted data beginning with a byte sequence of 0x4c, 0xb3, 0xff, 0xff, and 0xff...

GHSA-3RJ3-QP2J-4FJ2 Cross-Site Request Forgery in Jenkins P4 Plugin

A cross-site request forgery CSRF vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password. Jenkins P4 Plugin 1.11.5 requires POST requests for the affected HTTP endpoints...

CloudBees Jenkins P4 Plugin Access Control Error Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An Access Control Error...

CloudBees Jenkins P4 Plugin Cross-Site Request Forgery Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A cross-site request forgery...

CVE-2021-21655

A cross-site request forgery CSRF vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password...

CVE-2021-21654

Jenkins P4 Plugin 1.11.4 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified Perforce server using attacker-specified username and password...