CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

29 matches found

Snyk•added 2026/04/09 7:10 p.m.•1 views

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the client monitoring message handler due to insufficient validation of the queue name supplied by the client. An attacker can execute arbitrary code on the server by sending a crafted...

8.5CVSS6.2AI score0.00101EPSS

Exploits0References2

Snyk•added 2026/04/09 7:10 p.m.•3 views

Improper Validation of Specified Type of Input

8.5CVSS6.2AI score0.00101EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-15369

Malware in sbrugna...

6.1CVSS6.2AI score0.00328EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-15368

Malware in sbrugna...

6.1CVSS6.2AI score0.00216EPSS

Exploits0References2

CNNVD•added 2025/07/11 12:0 a.m.•1 views

Live Helper Chat lhc-php-resque Extension 安全漏洞

Live Helper Chat lhc-php-resque Extension is an open source extension for Live Helper Chat. A security vulnerability exists in Live Helper Chat lhc-php-resque Extension, which originates from a parameter queue name operation leading to cross-site scripting...

5.1CVSS4.4AI score0.00185EPSS

Exploits0References7

RedhatCVE•added 2025/05/22 4:3 p.m.•2 views

CVE-2020-22609

Cross Site Scripting XSS vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php...

6.1CVSS5.9AI score0.00328EPSS

Exploits0

RedhatCVE•added 2025/05/22 3:19 p.m.•4 views

CVE-2020-22608

Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter to include/ajax.search.php...

6.1CVSS6.4AI score0.00216EPSS

Exploits0

OSV•added 2023/09/06 1:15 p.m.•1 views

CVE-2023-41944

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability...

6.1CVSS5.8AI score

Exploits0References2

CNNVD•added 2023/09/06 12:0 a.m.•2 views

Jenkins Plugin AWS CodeCommit Trigger Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is a software application. A security vulnerability...

6.1CVSS7.1AI score0.002EPSS

Exploits0References4

Vulnrichment•added 2023/06/14 12:53 p.m.•59 views

CVE-2023-35147

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system...

7AI score0.00562EPSS

Exploits0References2

RedHat Linux•added 2022/07/05 2:41 p.m.•1 views

sidekiq: XSS via the queue name of the live-poll feature

A cross-site scripting vulnerability was found in sidekiq via the queue name of the live-poll feature. A potential attacker can impersonate or masquerade as the victim user using this vulnerability when Internet Explorer is used...

6.1CVSS5.6AI score0.139EPSS

Exploits1References5

CNVD•added 2021/06/29 12:0 a.m.•3 views

osTicket cross-site scripting vulnerability (CNVD-2021-48883)

osTicket is a widely used and trusted open source work order support ticket system. A cross-site scripting vulnerability exists in osTicket versions prior to 1.12.6. An attacker can exploit this vulnerability via the queue-name parameter in include/ajax.search.php...

6.1CVSS6AI score0.00216EPSS

Exploits0References1

CNVD•added 2021/06/29 12:0 a.m.•7 views

osTicket Cross-Site Scripting Vulnerability

6.1CVSS6AI score0.00328EPSS

Exploits0References1