Lucene search
K

938 matches found

EUVD
EUVD
added 2026/06/24 1:20 p.m.6 views

EUVD-2026-38787

A cross-site request forgery CSRF vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b450b1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.2CVSS5.8AI score0.0011EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 1:20 p.m.7 views

EUVD-2026-38786

A cross-site request forgery CSRF vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified username and password...

5.4CVSS5.8AI score0.00128EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 1:20 p.m.7 views

EUVD-2026-38785

A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and password...

5.4CVSS5.8AI score0.00161EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 1:20 p.m.9 views

CVE-2026-57305

CVE-2026-57305 describes a CSRF in the Jenkins Assembla Plugin up to version 1.4 and earlier. The vulnerability enables an attacker to force the Jenkins instance to connect to an attacker‑specified URL using an attacker‑specified username and password. The provided documents do not supply additio...

5.4CVSS5.8AI score0.00128EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/24 1:20 p.m.9 views

EUVD-2026-38772

Missing permission checks in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

5.4CVSS5.8AI score0.00145EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 2:15 p.m.26 views

CVE-2026-47137 vm2: GHSA-8hg8-63c5-gwmx patch bypass: nesting:true without explicit require still allows full RCE

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the fix for GHSA-8hg8-63c5-gwmx CVE-2023-37903 introduced a check in nodevm.js line 263 that blocks the combination nesting: true + require: false. However, the check uses strict equality options.require === false, which is...

10CVSS0.00382EPSS
Exploits0References5
CVE
CVE
added 2026/05/27 2:13 p.m.21 views

CVE-2026-48923

Jenkins AppSpider Plugin 1.0.17 and earlier is affected by a permission-check bypass in a form-validation method. The issue allows attackers with Overall/Read permissions to connect to an attacker-specified URL, enabling potential external requests from the plugin context. The affected component ...

4.3CVSS5.8AI score0.00187EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/27 2:13 p.m.11 views

EUVD-2026-32514

Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to connect to an attacker-specified URL...

4.3CVSS5.8AI score0.00187EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 9:49 a.m.8 views

EUVD-2026-32183

Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Input Data Manipulation.This issue affects Ads by WPQuads: from n/a through = 3.0.2...

6.5CVSS5.8AI score0.00248EPSS
Exploits0References1
OSV
OSV
added 2026/05/18 1:28 p.m.15 views

CLEANSTART-2026-VT65447 Security fixes for CVE-2025-11579, CVE-2026-21726, CVE-2026-24051, CVE-2026-25934, CVE-2026-26958, CVE-2026-32281, CVE-2026-32283, CVE-2026-32287, CVE-2026-33186, CVE-2026-33762, CVE-2026-33810, CVE-2026-34040, CVE-2026-34165, CVE-2026-34986, CVE-2026-39882, CVE-2026-39883, CVE-2026-41506, CVE-2026-41602, ghsa-37cx-329c-33x3, ghsa-3xc5-wrhm-f963, ghsa-497x-rrr9-68jp, ghsa-6g7g-w4f8-9c9x, ghsa-fw7p-63qq-7hpr, ghsa-w8rr-5gcm-pp58, ghsa-wf45-q9ch-q8gh, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.13.2-r0, 1.14.1-r0, 1.14.2-r0, 1.14.2-r1, 1.15.1-r1, 1.16.0-r0

Multiple security vulnerabilities affect the grafana-alloy package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS7AI score0.08123EPSS
Exploits5References45
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.19 views

PT-2026-40978

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server 2016 Microsoft Exchange Server 2019 Microsoft Exchange Server Subscription Edition Description An issue in the parsing and rendering architecture of Outlook Web Access OWA involves improper neutralization of input...

9.4CVSS6.3AI score0.0564EPSS
Exploits1References269
Debian CVE
Debian CVE
added 2026/05/08 2:22 p.m.9 views

CVE-2026-43429

In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Use usbbulkmsgkillable with user-specified timeouts The usbtmc driver accepts timeout values specified by the user in an ioctl command, and uses these timeouts for some usbbulkmsg calls. Since the user can specify...

5.5CVSS5.7AI score0.00123EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-40394

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a workspace overflow denial of service daemon panic for certain amounts of prefetche...

7.5CVSS6.1AI score0.00236EPSS
Exploits0References2
OSV
OSV
added 2026/03/27 12:11 p.m.5 views

BIT-GITLAB-2025-13078 Improper Validation of Specified Quantity in Input in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when processing certain webhook configurati...

6.5CVSS5.9AI score0.00417EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.4 views

PT-2026-28440

Name of the Vulnerable Software and Affected Versions BUFFALO Wi-Fi router products affected versions not specified Description A code injection issue exists in BUFFALO Wi-Fi router products. Successful exploitation of this issue could allow for the execution of arbitrary code on affected devices...

8.8CVSS6.3AI score0.00266EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.7 views

PT-2026-28294

Name of the Vulnerable Software and Affected Versions HCL Aftermarket DPC affected versions not specified Description The software is susceptible to a weak password policy, which simplifies unauthorized access to user accounts by enabling attackers to guess passwords or employ brute-force methods...

9.8CVSS5.9AI score0.00242EPSS
Exploits0References3
OSV
OSV
added 2026/03/23 6:16 p.m.3 views

GO-2026-4778 Juju affected by Confused Deputy IDOR attack via Predictable user specified ID in Juju Secrets in github.com/juju/juju

Juju affected by Confused Deputy IDOR attack via Predictable user specified ID in Juju Secrets in github.com/juju/juju...

6.6CVSS5.8AI score0.00269EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/23 12:0 a.m.5 views

Siemens APE1808 Incorrect Provision of Specified Functionality (CVE-2025-58325)

An Incorrect Provision of Specified Functionality vulnerability CWE-684 in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6.4 all versions may allow a local authenticated attacker to execute system commands via crafted CLI commands. This plugin only works with...

8.2CVSS6.1AI score0.00282EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/11 6:30 p.m.6 views

EUVD-2025-208574

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause a denial of service condition due to improper input validation on webhook custom header names under...

6.5CVSS5.8AI score0.00385EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/08 12:0 a.m.9 views

PT-2026-7015

Name of the Vulnerable Software and Affected Versions Great Developers Certificate Generation System affected versions not specified Description A security issue exists in Great Developers Certificate Generation System. The issue involves unrestricted upload due to manipulation of the file...

6.5CVSS5.4AI score0.00233EPSS
Exploits1References6
Rows per page
Query Builder