101 matches found
CVE-2026-33378 Grafana Data Source Plugin: DoS (OOM) via Negative Interval Injection in $__timeGroup Macro
Using the $timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the attack can take upwards of half an hour to crash the server...
CVE-2026-42522
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...
BIT-GRAFANA-2026-33375 Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS
The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restrictions and trigger a catastrophic Out-Of-Memory (OOM) memory exhaustion, crashing the host container...
[SECURITY] Fedora 42 Update: rust-gst-plugin-reqwest-0.13.3-4.fc42
GStreamer reqwest HTTP Source Plugin...
EUVD-2021-1490
Malware in sbrugna...
EUVD-2022-5509
Malicious code in bioql PyPI...
EUVD-2023-2626
Malicious code in bioql PyPI...
EUVD-2022-5319
Malicious code in bioql PyPI...
EUVD-2022-0718
Malicious code in bioql PyPI...
EUVD-2024-0341
Malicious code in bioql PyPI...
CVE-2024-23902
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL...
[SECURITY] Fedora 40 Update: rust-gst-plugin-reqwest-0.13.3-3.fc40
GStreamer reqwest HTTP Source Plugin...
[SECURITY] Fedora 41 Update: rust-gst-plugin-reqwest-0.13.3-3.fc41
GStreamer reqwest HTTP Source Plugin...
Code-Projects Simple Plugins Car Rental Management injection vulnerability
Code-Projects Simple Plugins Car Rental Management is an open source car rental management plugin for Code-Projects. An injection vulnerability exists in Code-Projects Simple Plugins Car Rental Management version 1.0, which stems from the manipulation of the parameter id that can lead to SQL...
Fields GLPI plugin security vulnerability
Fields GLPI plugin is an open source plugin for GLPI Project Plugins. A security vulnerability exists in the Fields GLPI plugin version 3.0.0 through versions prior to 3.0.3, which stems from an inadequate security check that allows an unauthenticated attacker to determine if data with a specific...
CVE-2024-38728 WordPress Seraphinite Post .DOCX Source plugin <= 2.16.9 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source. This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.9...
CVE-2024-39460
A vulnerability was found in Jenkins Bitbucket. In some cases, it prints the Bitbucket OAuth access token as part of the Bitbucket URL...
GHSA-X8MF-JCMF-R79F Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin
Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases. Bitbucket Branch Source Plugin 887.vad359b3d2d8d does not include the Bitbucket OAuth access token as part of the Bitbucket URL in the...
Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin
Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases. Bitbucket Branch Source Plugin 887.vad359b3d2d8d does not include the Bitbucket OAuth access token as part of the Bitbucket URL in the...
CVE-2024-39460
Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases...