133 matches found
EUVD-2022-3556
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-21256
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.27 and prior...
MAL-2025-29366 Malicious code in planetology-server-optimize-css-assets-webpack-plugin-venus (npm)
The package planetology-server-optimize-css-assets-webpack-plugin-venus was found to contain malicious code...
The vulnerability of the Jenkins continuous integration server’s HTML plugin arises from incorrect path name restrictions for the catalog directory, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the Jenkins automation server plugin is related to an incorrect restriction on the path to the catalog. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
CVE-2025-49763
CVE-2025-49763 affects Apache Traffic Server via the ESI plugin. The vulnerability arises when ESI requests stack with no limit on inclusion depth, allowing memory exhaustion and potential DoS on ATS nodes. Affected versions are ATS 10.0.0–10.0.5 and 9.0.0–9.2.10. Remediation is to upgrade to 9.2...
CVE-2023-30518
A missing permission check in Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2021-21638
A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-10288
Jenkins Jabber Server Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2025-3099
The Advanced Search by My Solr Server plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the 'MySolrServerSettings' page. This makes it possible for unauthenticated attackers to upda...
CVE-2025-24398
Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 (both inclusive) allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins...
Directory Traversal
@vendure/asset-server-plugin is vulnerable to Directory Traversal. The vulnerability is due to improper validation in Vendure's asset server plugin, which allows an attacker to craft requests that traverse the server file system, retrieving arbitrary files including sensitive data and crashing th...
@artcoded/gcp-asset-server-plugin (>=1.0.1 <=1.0.4), @grupo-loja/vendure-banner-plugin (=1.0.0) +54 more potentially affected by CVE-2024-48914 via @vendure/asset-server-plugin (>=0.12.5 <=2.2.7)
@vendure/asset-server-plugin NPM version =0.12.5, =1.0.1, =1.0.0, =2.0.0, =2.1.0, =2.0.1, =2.2.4 and more Source cves: CVE-2024-48914 Source advisory: OSV:GHSA-R9MQ-3C9R-FMJQ...
CVE-2024-7766
The Adicon Server WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...
RHEL 8 : Red Hat Product OCP Tools 4.15 OpenShift Jenkins (RHSA-2024:4597)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4597 advisory. Jenkins is a continuous integration server that monitors the execution of recurring jobs, such as software builds or cron jobs. Security...
jenkins-2-plugins: git-server plugin arbitrary file read vulnerability
A flaw was found in the Git Server Plugin for Jenkins. This issue could allow an attacker to read the first two lines of arbitrary files on the server's file system...
CVE-2024-34146
Jenkins Git server Plugin 114.v068ac7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public key but lacking Overall/Read permission to access these repositories...