938 matches found
EUVD-2026-38787
A cross-site request forgery CSRF vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b450b1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
EUVD-2026-38786
A cross-site request forgery CSRF vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified username and password...
EUVD-2026-38785
A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and password...
CVE-2026-57305
CVE-2026-57305 describes a CSRF in the Jenkins Assembla Plugin up to version 1.4 and earlier. The vulnerability enables an attacker to force the Jenkins instance to connect to an attacker‑specified URL using an attacker‑specified username and password. The provided documents do not supply additio...
EUVD-2026-38772
Missing permission checks in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...
CVE-2026-47137 vm2: GHSA-8hg8-63c5-gwmx patch bypass: nesting:true without explicit require still allows full RCE
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the fix for GHSA-8hg8-63c5-gwmx CVE-2023-37903 introduced a check in nodevm.js line 263 that blocks the combination nesting: true + require: false. However, the check uses strict equality options.require === false, which is...
CVE-2026-48923
Jenkins AppSpider Plugin 1.0.17 and earlier is affected by a permission-check bypass in a form-validation method. The issue allows attackers with Overall/Read permissions to connect to an attacker-specified URL, enabling potential external requests from the plugin context. The affected component ...
EUVD-2026-32514
Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to connect to an attacker-specified URL...
EUVD-2026-32183
Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Input Data Manipulation.This issue affects Ads by WPQuads: from n/a through = 3.0.2...
CLEANSTART-2026-VT65447 Security fixes for CVE-2025-11579, CVE-2026-21726, CVE-2026-24051, CVE-2026-25934, CVE-2026-26958, CVE-2026-32281, CVE-2026-32283, CVE-2026-32287, CVE-2026-33186, CVE-2026-33762, CVE-2026-33810, CVE-2026-34040, CVE-2026-34165, CVE-2026-34986, CVE-2026-39882, CVE-2026-39883, CVE-2026-41506, CVE-2026-41602, ghsa-37cx-329c-33x3, ghsa-3xc5-wrhm-f963, ghsa-497x-rrr9-68jp, ghsa-6g7g-w4f8-9c9x, ghsa-fw7p-63qq-7hpr, ghsa-w8rr-5gcm-pp58, ghsa-wf45-q9ch-q8gh, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.13.2-r0, 1.14.1-r0, 1.14.2-r0, 1.14.2-r1, 1.15.1-r1, 1.16.0-r0
Multiple security vulnerabilities affect the grafana-alloy package. These issues are resolved in later releases. See references for individual vulnerability details...
PT-2026-40978
Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server 2016 Microsoft Exchange Server 2019 Microsoft Exchange Server Subscription Edition Description An issue in the parsing and rendering architecture of Outlook Web Access OWA involves improper neutralization of input...
CVE-2026-43429
In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Use usbbulkmsgkillable with user-specified timeouts The usbtmc driver accepts timeout values specified by the user in an ioctl command, and uses these timeouts for some usbbulkmsg calls. Since the user can specify...
Linux Distros Unpatched Vulnerability : CVE-2026-40394
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a workspace overflow denial of service daemon panic for certain amounts of prefetche...
BIT-GITLAB-2025-13078 Improper Validation of Specified Quantity in Input in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when processing certain webhook configurati...
PT-2026-28440
Name of the Vulnerable Software and Affected Versions BUFFALO Wi-Fi router products affected versions not specified Description A code injection issue exists in BUFFALO Wi-Fi router products. Successful exploitation of this issue could allow for the execution of arbitrary code on affected devices...
PT-2026-28294
Name of the Vulnerable Software and Affected Versions HCL Aftermarket DPC affected versions not specified Description The software is susceptible to a weak password policy, which simplifies unauthorized access to user accounts by enabling attackers to guess passwords or employ brute-force methods...
GO-2026-4778 Juju affected by Confused Deputy IDOR attack via Predictable user specified ID in Juju Secrets in github.com/juju/juju
Juju affected by Confused Deputy IDOR attack via Predictable user specified ID in Juju Secrets in github.com/juju/juju...
Siemens APE1808 Incorrect Provision of Specified Functionality (CVE-2025-58325)
An Incorrect Provision of Specified Functionality vulnerability CWE-684 in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6.4 all versions may allow a local authenticated attacker to execute system commands via crafted CLI commands. This plugin only works with...
EUVD-2025-208574
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause a denial of service condition due to improper input validation on webhook custom header names under...
PT-2026-7015
Name of the Vulnerable Software and Affected Versions Great Developers Certificate Generation System affected versions not specified Description A security issue exists in Great Developers Certificate Generation System. The issue involves unrestricted upload due to manipulation of the file...