46 matches found
EUVD-2015-9275
Malware in sbrugna...
EUVD-2025-16842
Malicious code in bioql PyPI...
EUVD-2022-5101
Malicious code in bioql PyPI...
EUVD-2022-5440
Malicious code in bioql PyPI...
CVE-2025-4578
The File Provider WordPress plugin through 1.2.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2025-4578
The File Provider WordPress plugin through 1.2.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2025-4580 File Provider <= 1.2.3 - Item Deletion via CSRF
The File Provider WordPress plugin through 1.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2025-4580 File Provider <= 1.2.3 - Item Deletion via CSRF
The File Provider WordPress plugin through 1.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2025-4578 File Provider <= 1.2.3 - Unauthenticated SQLi
The File Provider WordPress plugin through 1.2.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
WordPress plugin File Provider SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress File Provider plugin suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker...
PT-2025-23761 · WordPress · Filterprovider
Name of the Vulnerable Software and Affected Versions: File Provider versions 1.2.3 and earlier Description: The issue is related to the lack of a CSRF check when updating settings in the File Provider WordPress plugin. This could allow attackers to make a logged-in admin change the settings via ...
CVE-2023-24425
Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to...
CVE-2015-9435
The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers...
CVE-2017-1000104
The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Users with only Overall/Read access to Jenkins were able to access URLs directly that allowed viewing these files. Access to view these files now requires sufficient...
CVE-2025-47884
In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins allowing attackers able to configure jobs to craft a build ID Token that impersonates a...
Jenkins plugins Multiple Vulnerabilities (2025-05-14)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Critical In WSO2 Oauth Plugin 1.0 and earlier authentication claims are accepted without validation by the WSO2 Oauth security realm. This...
jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin
A flaw was found in the Config File Provider Jenkins Plugin. Affected versions of this plugin do not mask replace with asterisks credentials specified in configuration files when they're written to the build log...
CVE-2023-40339
Jenkins Config File Provider Plugin 952.va544a6234b46 and earlier does not mask i.e., replace with asterisks credentials specified in configuration files when they're written to the build log...
CVE-2023-40339
CVE-2023-40339 affects the Jenkins Config File Provider Plugin (versions including 952.va_544a_6234b_46 and earlier). The issue is that credentials specified in configuration files are not masked (not replaced with asterisks) when written to the build log, potentially exposing secrets. Public adv...
PT-2023-27397 · Jenkins · Jenkins Config File Provider Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Config File Provider Plugin versions 952.va 544a 6234b 46 and earlier Description: The issue concerns the Jenkins Config File Provider Plugin, where credentials specified in configuration files are not masked when written to the build...