Lucene search
K

35 matches found

Vulnrichment
Vulnrichment
added 2026/05/27 2:39 p.m.9 views

CVE-2026-42280 Improper Permission Checking in Auth.js SDK

Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0...

7.1CVSS5.8AI score0.00211EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.8 views

RHCOS 3 : OpenShift Container Platform 3.11.394 (RHSA-2021:0637)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0637 advisory. - ant: insecure temporary file vulnerability CVE-2020-1945 - jenkins-2-plugins/subversion: XML parser is not preventing XML external...

8CVSS6.8AI score0.08235EPSS
Exploits1References41
RedhatCVE
RedhatCVE
added 2026/01/07 9:32 a.m.9 views

CVE-2019-16576

A missing permission check in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or...

6.5CVSS6.5AI score0.00852EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-3173

Malicious code in bioql PyPI...

5.5CVSS5.7AI score0.00108EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-42277

Malicious code in bioql PyPI...

5.5CVSS5.8AI score0.00076EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-25779

Malicious code in bioql PyPI...

3.3CVSS4.6AI score0.00148EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-5577

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.01536EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-0988

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.01097EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 4:5 a.m.16 views

CVE-2023-37944

A missing permission check in Jenkins Datadog Plugin 5.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS6.4AI score0.00834EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:53 a.m.10 views

CVE-2023-33902

In bluetooth service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

5.5CVSS6.4AI score0.00163EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:11 a.m.8 views

CVE-2022-36910

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them...

5.4CVSS6.2AI score0.00434EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:11 a.m.17 views

CVE-2022-36915

Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace...

4.3CVSS6.6AI score0.00569EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:10 a.m.13 views

CVE-2022-36904

Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

4.3CVSS6.6AI score0.00581EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:52 p.m.7 views

CVE-2022-42130

The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries...

4.3CVSS6.5AI score0.00592EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:0 p.m.7 views

CVE-2022-34798

Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials...

4.3CVSS6.6AI score0.00537EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:11 p.m.22 views

CVE-2022-36912

A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

4.3CVSS6.6AI score0.00505EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2025/05/22 7:34 p.m.3 views

Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002314 fixes several issues. The following security issues were fixed: CVE-2024-53042: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnelinitflow bsc1233678. CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice...

8.5CVSS8AI score0.00265EPSS
Exploits1References16
RedhatCVE
RedhatCVE
added 2025/05/22 7:11 p.m.12 views

CVE-2021-21651

Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles...

4.3CVSS6.5AI score0.00733EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:29 p.m.9 views

CVE-2020-2202

A missing permission check in Jenkins Fortify on Demand Plugin 6.0.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

4.3CVSS6.4AI score0.00691EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 8:30 a.m.21 views

CVE-2019-10344

Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins...

4.3CVSS6.5AI score0.00691EPSS
Exploits0References1
Rows per page
Query Builder