CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

21 matches found

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2022-6856

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.00079EPSS

Exploits0References3

RedhatCVE•added 2025/05/23 1:14 a.m.•8 views

CVE-2022-41229

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.4AI score0.09489EPSS

Exploits0References1

Github Security Blog•added 2023/05/16 6:30 p.m.•18 views

Jenkins NS-ND Integration Performance Publisher Plugin displays credentials without masking

Jenkins NS-ND Integration Performance Publisher Plugin stores credentials in job config.xml files on the Jenkins controller as part of its configuration. While these credentials are stored encrypted on disk, in NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier, the job...

7.5CVSS6.6AI score0.00471EPSS

Exploits0References3Affected Software1

CNNVD•added 2023/05/16 12:0 a.m.•4 views

Jenkins NS-ND Integration Performance Publisher Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

7.5CVSS7.3AI score0.00471EPSS

Exploits0References4

Github Security Blog•added 2023/04/02 9:30 p.m.•31 views

Jenkins Performance Publisher Plugin vulnerable to XML external entity (XXE) attacks

Jenkins Performance Publisher Plugin 8.09 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control PerfPublisher report files to have Jenkins parse a crafted XML document that uses external entities for extraction of secrets...

8.2CVSS7.9AI score0.01056EPSS

Exploits0References3Affected Software1

CVE•added 2022/11/15 12:0 a.m.•271 views

CVE-2022-38666

CVE-2022-38666 affects Jenkins NS-ND Integration Performance Publisher Plugin, where versions 4.8.0.146 and earlier unconditionally disable SSL/TLS certificate and hostname validation for several features. Root cause: unconditional disabling of TLS validation within the plugin. Documented impact:...

7.5CVSS7.6AI score0.00097EPSS

Exploits0References2Affected Software1

CVE•added 2022/11/15 12:0 a.m.•275 views

CVE-2022-45391

Affected product: Jenkins NS-ND Integration Performance Publisher Plugin (version 4.8.0.143 and earlier). Issue: plugin globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM, undermining TLS trust and enabling potential interceptio...

7.5CVSS7.6AI score0.00071EPSS

Exploits0References2Affected Software1

CVE•added 2022/11/15 12:0 a.m.•271 views

CVE-2022-45392

CVE-2022-45392 concerns the Jenkins NS-ND Integration Performance Publisher Plugin (v4.8.0.143 and earlier). The vulnerability stores passwords in plaintext in job config.xml files on the Jenkins controller, allowing exposure to anyone with Extended Read permission or access to the controller fil...

6.5CVSS6.5AI score0.00352EPSS

Exploits0References2Affected Software1

Github Security Blog•added 2022/09/22 12:0 a.m.•34 views

Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Missing Authorization

A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials. Version 4.8.0.130 requires POST requests and...

8.8CVSS8.2AI score0.00288EPSS

Exploits0References3Affected Software1

Github Security Blog•added 2022/09/22 12:0 a.m.•30 views

Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-Site Request Forgery

A cross-site request forgery CSRF vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. Version 4.8.0.130 requires POST requests and Overall/Administer...

8.8CVSS8.2AI score0.00079EPSS

Exploits0References3Affected Software1

Github Security Blog•added 2022/09/22 12:0 a.m.•26 views

Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-site Scripting

Jenkins NS-ND Integration Performance Publisher Plugin prior to version 4.8.0.147 does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.3AI score0.09489EPSS

Exploits0References4Affected Software1

OSV•added 2022/09/22 12:0 a.m.•27 views

GHSA-JJCH-7G85-4M72 Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-Site Request Forgery

4.3CVSS8.6AI score0.00079EPSS

Exploits0References3

OSV•added 2022/09/21 4:15 p.m.•3 views

CVE-2022-41227

8.8CVSS5.7AI score0.00079EPSS

Exploits0References1

NVD•added 2022/09/21 4:15 p.m.•19 views

CVE-2022-41228

8.8CVSS0.00288EPSS

Exploits0References1

Prion•added 2022/09/21 4:15 p.m.•15 views

Cross site scripting

4.9CVSS5.3AI score0.09489EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2022/09/21 3:45 p.m.•5 views

CVE-2022-41229

5.4AI score0.09489EPSS

Exploits0References1

CVE•added 2022/09/21 3:45 p.m.•75 views

CVE-2022-41228

CVE-2022-41228 : Jenkins NS-ND Integration Performance Publisher Plugin, versions up to and including 4.8.0.129, contains a missing permission check that allows attackers with Overall/Read to connect to an attacker-specified webserver using attacker-specified credentials. The issue is confirmed b...

8.8CVSS8.4AI score0.00288EPSS

Exploits0References1Affected Software1

CNNVD•added 2022/09/21 12:0 a.m.•3 views

Jenkins NS-ND Integration Performance Publisher Plugin 安全漏洞

8.8CVSS7.9AI score0.00288EPSS

Exploits0References3

Positive Technologies•added 2022/09/21 12:0 a.m.•4 views

PT-2022-25744 · Jenkins · Jenkins Ns-Nd Integration Performance Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins NS-ND Integration Performance Publisher Plugin versions 4.8.0.134 and earlier Description: The issue results from the plugin not escaping configuration options of the Execute NetStorm/NetCloud Test build step, leading to a stored...

8CVSS5.2AI score0.09489EPSS

Exploits0References9

OSV•added 2022/06/24 12:0 a.m.•32 views

GHSA-PV38-MQPP-V72H Cross-site Scripting in Jenkins NS-ND Integration Performance Publisher Plugin

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and earlier does not escape the name of NetStorm Test parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Exploitation of th...

8CVSS5.7AI score0.14867EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by