609 matches found
EUVD-2022-3680
Malicious code in bioql PyPI...
EUVD-2022-5269
Malicious code in bioql PyPI...
EUVD-2022-6986
Malicious code in bioql PyPI...
EUVD-2022-4680
Malicious code in bioql PyPI...
EUVD-2022-4100
Malicious code in bioql PyPI...
EUVD-2022-2227
Malicious code in bioql PyPI...
EUVD-2022-3963
Malicious code in bioql PyPI...
EUVD-2023-36455
Malicious code in bioql PyPI...
EUVD-2022-3563
Malicious code in bioql PyPI...
CVE-2024-52554
Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing attackers with Item/Configure permission on a folder to configure a folder-scoped library override...
CVE-2023-25765
In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller J...
CVE-2023-34237
SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the...
CVE-2022-28284
SVG's element could have been used to load unexpected content that could have executed script in certain circumstances. While the specification seems to allow this, other browsers do not, and web developers relied on this property for script security so gecko's implementation was aligned with...
CVE-2021-21646
Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM...
CVE-2019-10458
Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code...
CVE-2019-10417
Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...
CVE-2019-10418
Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...
CVE-2016-10845
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/checksystemstorable SEC-78...
CVE-2016-10811
In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs SEC-116...
jenkins-plugin/script-security: Jenkins Script Security Plugin File Disclosure Vulnerability
A flaw was found in the Jenkins Script Security Plugin. This vulnerability allows attackers with Overall/Read permission to check for the existence of files on the controller file system via a method that implements form validation that does not perform a permission check...