
30 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-53730

Malicious code in bioql PyPI...

7.5 CVSS · 6.6 AI score · 0.003 EPSS
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 7:4 a.m. · 6 views

CVE-2024-57762

MSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml configuration file...

7.5 CVSS · 7.5 AI score · 0.003 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2025/01/14 12:0 a.m. · 3 views

PT-2025-3556 · Msfm · Msfm

Name of the Vulnerable Software and Affected Versions: MSFM versions prior to 2025.01.01 Description: The issue is related to a deserialization vulnerability that can be exploited via the pom.xml configuration file. This vulnerability was discovered in MSFM. Recommendations: For versions prior to...

7.5 CVSS · 6.3 AI score · 0.003 EPSS
Exploits: 1 · References: 6

GithubExploit
added 2023/12/27 10:5 p.m. · 290 views

Exploit for Out-of-bounds Write in Hutool

json.org CVE-2022-45688 true positive The project illustrate...

7.5 CVSS · 7.5 AI score · 0.01216 EPSS
Exploits: 5

OSV
added 2023/12/04 11:13 p.m. · 27 views

GHSA-37VQ-HR2F-G7H7 HtmlUnit vulnerable to Remote Code Execution (RCE) via XSLT

Summary: HtmlUnit 3.8.0 is vulnerable to Remote Code Execution (RCE) via XSLT when browsing the attacker’s webpage. Details: Vulnerability code location: org.htmlunit.activex.javascript.msxml.XSLProcessor#transform(org.htmlunit.activex.javascript.msxml.XMLDOMNode). The reason for the vulnerability is th...

9.8 CVSS · 9.3 AI score · 0.05143 EPSS
Exploits: 1 · References: 4

OSV
added 2023/06/14 3:30 p.m. · 12 views

GHSA-9PVW-8Q92-HM9W Stored XSS vulnerability in Jenkins Maven Repository Server Plugin

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control maven project versions in pom.xml...

5.4 CVSS · 5.4 AI score · 0.07556 EPSS
Exploits: 0 · References: 3

NVD
added 2023/06/14 1:15 p.m. · 10 views

CVE-2023-35143

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control maven project versions in pom.xml...

5.4 CVSS · 5.3 AI score · 0.07556 EPSS
Exploits: 0 · References: 2

Cvelist
added 2023/06/14 12:53 p.m. · 8 views

CVE-2023-35143

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control maven project versions in pom.xml...

5.7 AI score · 0.07556 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2023/06/14 12:53 p.m. · 7 views

CVE-2023-35143

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control maven project versions in pom.xml...

5.7 AI score · 0.07556 EPSS
Exploits: 0 · References: 2

Github Security Blog
added 2022/05/13 1:15 a.m. · 24 views

Script security sandbox bypass in Matrix Project Plugin

A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM...

9.9 CVSS · 5.3 AI score · 0.08994 EPSS
Exploits: 0 · References: 6 · Affected Software: 1

Github Security Blog
added 2022/05/13 1:15 a.m. · 23 views

Jenkins Groovy Plugin sandbox bypass vulnerability

A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM. Groovy Plugin 2.2 uses Script Security API...

8.8 CVSS · 5.3 AI score · 0.00093 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2022/05/13 1:15 a.m. · 14 views

GHSA-FM3J-R98G-97JH Jenkins Groovy Plugin sandbox bypass vulnerability

A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM. Groovy Plugin 2.2 uses Script Security API...

8.8 CVSS · 9 AI score · 0.00093 EPSS
Exploits: 0 · References: 4

OSV
added 2022/05/13 1:15 a.m. · 24 views

GHSA-QWM8-VGM6-F86P Script security sandbox bypass in Jenkins Email Extension Plugin

A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java, src/main/java/hudson/plugins/emailext/plugins/content/EmailExtScript.java,...

9.9 CVSS · 9.8 AI score · 0.00093 EPSS
Exploits: 0 · References: 4

Github Security Blog
added 2022/05/13 1:14 a.m. · 48 views

Sandbox bypass in Jenkins Pipeline: Groovy Plugin

A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM...

9.9 CVSS · 5.1 AI score · 0.91816 EPSS
Exploits: 3 · References: 6 · Affected Software: 1

Exploit DB
added 2021/10/06 12:0 a.m. · 719 views

Atlassian Jira Server Data Center 8.16.0 - Arbitrary File Read

Exploit Title: Atlassian Jira Server Data Center 8.16.0 - Arbitrary File Read Date: 2021-10-05 Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira/download/data-center Version: versions 8.5.14, 8.6.0 ≤ version 8.13.6,...

5.3 CVSS · 5.7 AI score · 0.94189 EPSS
Exploits: 6

GithubExploit
added 2021/10/05 8:20 a.m. · 202 views

Exploit for Forced Browsing in Atlassian Confluence_Data_Center

CVE-2021-26085 Atlassian Confluence Server 7.5.1 Pre-Authoriza...

5.3 CVSS · 5.5 AI score · 0.93977 EPSS
Exploits: 6

0day.today
added 2021/10/05 12:0 a.m. · 337 views

Atlassian Confluence 7.12.2 - Pre-Authorization Arbitrary File Read Vulnerability

Exploit Title: Atlassian Confluence 7.12.2 - Pre-Authorization Arbitrary File Read Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/confluence/download-archives Version: version 7.4.10 and 7.5.0 ≤ version 7.12.3 Tested o...

5.3 CVSS · 0.5 AI score · 0.93977 EPSS
Exploits: 6

Exploit DB
added 2021/10/05 12:0 a.m. · 309 views

Atlassian Confluence 7.12.2 - Pre-Authorization Arbitrary File Read

Exploit Title: Atlassian Confluence 7.12.2 - Pre-Authorization Arbitrary File Read Date: 2021-10-05 Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/confluence/download-archives Version: version 7.4.10 and 7.5.0 ≤ versio...

5.3 CVSS · 5.7 AI score · 0.93977 EPSS
Exploits: 6

0day.today
added 2021/10/05 12:0 a.m. · 351 views

Atlassian Jira Server/Data Center 8.16.0 - Arbitrary File Read Vulnerability

Exploit Title: Atlassian Jira Server/Data Center 8.16.0 - Arbitrary File Read Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira/download/data-center Version: versions 8.5.14, 8.6.0 ≤ version 8.13.6, 8.14.0 ≤ version...

5.3 CVSS · 0.9 AI score · 0.94189 EPSS
Exploits: 6

Packet Storm
added 2021/10/05 12:0 a.m. · 292 views

Atlassian Confluence Server 7.5.1 Arbitrary File Read

Exploit Title: Atlassian Confluence Server 7.5.1 Pre-Authorization Arbitrary File Read vulnerability Date: 2021-10-05 Exploit Author: Mayank Deshmukh Author email: [email protected] Vendor Homepage: https://www.atlassian.com/ Software Link:...

5 CVSS · 0.4 AI score · 0.93977 EPSS
Exploits: 6