aendter.jenkins.plugins:filesystem-list-parameter-plugin (=0.0.6), com.adq.jenkins:xml-job-to-job-dsl (>=0.1.1 <=0.1.13) +534 more potentially affected by CVE-2024-39458 via org.jenkins-ci.plugins:structs (>=1.1 <=337.v1b_04ea_4df7c8)

org.jenkins-ci.plugins:structs MAVEN version =1.1, =0.1.1, =2.33.0, =1.9.0, =2.0.1, =2.8, =2.0.12, =1.12, =1.225.v14f9e6b28f53, =1.0.2, =1.28.0, =0.6, =2.37.0, =1.0.0, =1.2.7, =1.3.2 and more Source cves: CVE-2024-39458 Source advisory: OSV:GHSA-XFX3-CR74-X3CV...

org.jenkins-ci.plugins:bitbucket-approval-filter (=1.0.0), org.jenkins-ci.plugins:bitbucket-filter-project-trait (=1.0) +1 more potentially affected by CVE-2024-39460 via org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (>=2.2.0 <=2.4.1)

org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source MAVEN version =2.2.0, =1.0.0, =1.0.2 Source cves: CVE-2024-39460 Source advisory: OSV:GHSA-X8MF-JCMF-R79F...

USN-6850-1 openvpn vulnerability

It was discovered that OpenVPN incorrectly handled certain configurations with multiple authentication plugins. A remote attacker could possibly use this issue to bypass authentication using incomplete credentials...

JVN#34977158: WordPress plugins "WP Tweet Walls" and "Sola Testimonials" vulnerable to cross-site request forgery

WordPress plugins "WP Tweet Walls" and "Sola Testimonials" provided by Sola Plugins contain a cross-site request forgery vulnerability CWE-352. Impact While a user logs in to the WordPress site where the affected plugin is enabled, accessing a malicious page may make the user perform unintended...

Jenkins plugins Multiple Vulnerabilities (2024-06-26)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Low Structs Plugin provides utility functionality used, e.g., in Pipeline to instantiate and configure build steps, typically before their...

MAL-2024-6860 Malicious code in delayed_plugins-airbrake (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in delayed_plugins-airbrake (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in brightbox_boxgrinder-plugins (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-6794 Malicious code in brightbox_boxgrinder-plugins (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in Stl.Plugins.Extensions.Net (NuGet)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in Rg.Plugins.Popups.Net (NuGet)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in plugins-bot (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in flipper-plugins (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 813614a0417abbf8af3d06d8e798cc8a0174675c3e5f824401b04c85b3f9992c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-2377 Malicious code in flipper-plugins (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 813614a0417abbf8af3d06d8e798cc8a0174675c3e5f824401b04c85b3f9992c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-3062 Malicious code in @realty-front/stylelint-plugins (npm)

--- -= Per source details. Do not edit below this line.=-...

CVE-2024-6297

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator...

Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts

Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions. "The injected malware attempts to create a new administrative user account and then sends those details back to the...

CVE-2024-6297

CVE-2024-6297 refers to multiple WordPress plugins where the plugin source code was compromised, injecting backdoors that exfiltrate database credentials and can create new administrator users. Public disclosures from Red Hat and Wordfence confirm a high‑risk, internal compromise affecting severa...

PT-2024-37520

Name of the Vulnerable Software and Affected Versions: WordPress plugins affected versions not specified Description: A malicious threat actor has compromised the source code of various WordPress plugins hosted on WordPress.org, injecting malicious PHP scripts. These scripts exfiltrate database...

Important: Red Hat Enhancement Advisory: Red Hat Developer Hub 1.2 release

Red Hat Developer Hub 1.2 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single pa...