Lucene search
K

49 matches found

CVE
CVE
added 2025/12/24 1:10 p.m.12 views

CVE-2025-67625

CVE-2025-67625 is a CSRF vulnerability in the WordPress plugin “Trade Runner” (tmtraderunner) affecting versions from n/a through 3.14. The issue enables Cross-Site Request Forgery, potentially allowing an attacker to perform actions on behalf of an authenticated user. Affected component is the p...

4.3CVSS6.5AI score0.00107EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/30 2:13 p.m.4 views

CVE-2025-64135

Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb8 and earlier sets the Java system property jdk.http.auth.tunneling.disabledSchemes to an empty value, disabling a protection mechanism of the Java runtime...

5.9CVSS5.8AI score0.00293EPSS
Exploits0References1
Snyk
Snyk
added 2025/10/29 3:31 p.m.6 views

Insecure Default Initialization of Resource

Overview io.jenkins.plugins:eggplant-runner is a The Eggplant DAI Plugin for Jenkins launches DAI tests from within a Jenkins pipeline. You can use it to continuously test your application using Eggplant's model-based approach to testing. For more information about Eggplant, visit...

8.2CVSS5.9AI score0.00293EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/29 3:31 p.m.7 views

EUVD-2025-36656

Jenkins Nexus Task Runner Plugin is missing a permission check...

4.3CVSS6.2AI score0.00227EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/29 3:31 p.m.7 views

EUVD-2025-36657

Jenkins Nexus Task Runner Plugin vulnerable to cross-site request forgery...

4.3CVSS6.3AI score0.0019EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/29 3:31 p.m.4 views

EUVD-2025-36648

Jenkins Eggplant Runner Plugin protection mechanism disabled...

5.9CVSS6.4AI score0.00293EPSS
Exploits0References3
CVE
CVE
added 2025/10/29 1:29 p.m.22 views

CVE-2025-64142

CVE-2025-64142 affects Jenkins Nexus Task Runner Plugin versions 0.9.2 and earlier. Root cause per multiple sources: a missing permission check in the plugin’s HTTP endpoint allows an attacker with Overall/Read permission to cause the controller to connect to an attacker‑specified URL using attac...

4.3CVSS6.3AI score0.00227EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/10/29 12:0 a.m.11 views

Jenkins Nexus Task Runner Plugin 安全漏洞

Jenkins Nexus Task Runner Plugin is an open source plugin for Jenkins. A security vulnerability exists in Jenkins Nexus Task Runner Plugin version 0.9.2 and earlier, which stems from vulnerability to a cross-site request forgery attack that could result in a connection to an attacker-specified UR...

4.3CVSS6.5AI score0.0019EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/29 12:0 a.m.6 views

PT-2025-44290

Name of the Vulnerable Software and Affected Versions Jenkins Nexus Task Runner Plugin versions 0.9.2 and earlier Description A cross-site request forgery CSRF issue exists in the Jenkins Nexus Task Runner Plugin. This allows attackers to connect to a URL specified by the attacker, using...

4.3CVSS6.5AI score0.0019EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/10/29 12:0 a.m.7 views

PT-2025-44291

Name of the Vulnerable Software and Affected Versions Jenkins Nexus Task Runner Plugin versions 0.9.2 and earlier Description A missing permission check allows attackers with Overall/Read permission to connect to a URL specified by the attacker, using credentials also specified by the attacker. T...

4.3CVSS6.4AI score0.00227EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-2192

Malicious code in bioql PyPI...

8.8CVSS8.8AI score0.01577EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/22 3:56 p.m.7 views

CVE-2020-2285

A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS6.4AI score0.00691EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:24 a.m.7 views

CVE-2019-10380

Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code...

8.8CVSS7.4AI score0.01765EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:30 a.m.6 views

CVE-2018-1000146

An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM...

8.8CVSS8.1AI score0.01577EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:20 a.m.7 views

SUSE CVE-2018-1000146

An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM...

8.8CVSS9.2AI score0.01577EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/24 5:29 p.m.23 views

Missing permission check in Jenkins Liquibase Runner Plugin allows enumerating credentials IDs

Liquibase Runner Plugin 1.4.7 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...

4.3CVSS4.9AI score0.00691EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:29 p.m.21 views

Stored XSS vulnerability in Jenkins Liquibase Runner Plugin

Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents when showing them on the build page. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide Liquibase changesets evaluated by the plugin. Liquibase Runner Plugin 1.4.7 no...

5.4CVSS4.9AI score0.00735EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:29 p.m.26 views

XXE vulnerability in Jenkins Liquibase Runner Plugin

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to provide Liquibase changesets evaluated by the plugin to have Jenkins parse a crafted XML file that uses external entities for extraction of...

7.1CVSS6.6AI score0.00877EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/24 5:29 p.m.28 views

GHSA-44CM-P9Q7-RR3P Missing permission check in Jenkins Liquibase Runner Plugin allows enumerating credentials IDs

Liquibase Runner Plugin 1.4.7 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...

4.3CVSS4.4AI score0.00691EPSS
Exploits0References5
OSV
OSV
added 2022/05/24 5:29 p.m.24 views

GHSA-XX7G-F287-F9FQ XXE vulnerability in Jenkins Liquibase Runner Plugin

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to provide Liquibase changesets evaluated by the plugin to have Jenkins parse a crafted XML file that uses external entities for extraction of...

7.1CVSS6.8AI score0.00877EPSS
Exploits0References4
Rows per page
Query Builder