EUVD-2017-1517

Malware in sbrugna...

EUVD-2024-0977

Malicious code in bioql PyPI...

EUVD-2022-1272

Malicious code in bioql PyPI...

CVE-2024-28161

In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower DCT connections is disabled by default...

CVE-2024-5445

Ecosystem Agent version 4 4.1.5.2597 and Ecosystem Agent version 5 5.1.4.2473 did not properly validate SSL/TLS certificates, which could allow a malicious actor to perform a Man-in-the-Middle and intercept traffic between the agent and N-able servers from a privileged network position...

CVE-2023-30517

Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server...

CVE-2023-30516

Jenkins Image Tag Parameter Plugin 2.0 improperly introduces an option to opt out of SSL/TLS certificate validation when connecting to Docker registries, resulting in job configurations using Image Tag Parameters that were created before 2.0 having SSL/TLS certificate validation disabled by defau...

CVE-2022-45391

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM...

CVE-2009-0128

plugins/crypto/openssl/cryptoopenssl.c in Simple Linux Utility for Resource Management aka SLURM or slurm-llnl does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS...

CVE-2025-47888

Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks...

CVE-2025-47888

CVE-2025-47888 affects the Jenkins DingTalk Plugin (versions 2.7.3 and earlier). The vulnerability stems from the plugin unconditionally disabling SSL/TLS certificate and hostname validation when connecting to DingTalk webhooks, enabling potential exposure to MITM attacks and compromising confide...

PT-2025-21241 · Jenkins · Jenkins Dingtalk Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins DingTalk Plugin versions 2.7.3 and earlier Description: The issue concerns the unconditional disabling of SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks. This affects the security of th...

Linux Distros Unpatched Vulnerability : CVE-2017-1000256

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libvirt version 2.3.0 and later is vulnerable to a bad default configuration of verify-peer=no passed to QEMU by libvirt resulting in a failure to validate...

CVE-2024-28162

In Jenkins Delphix Plugin 3.0.1 through 3.1.0 both inclusive a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower DCT connections fails to take effect until Jenkins is restarted when switching from disabled validation to enabled validation...

CVE-2023-35142

Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default...

CVE-2023-30516

Jenkins Image Tag Parameter Plugin 2.0 improperly introduces an option to opt out of SSL/TLS certificate validation when connecting to Docker registries, resulting in job configurations using Image Tag Parameters that were created before 2.0 having SSL/TLS certificate validation disabled by defau...

PT-2022-27493 · Jenkins · Jenkins Ns-Nd Integration Performance Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins NS-ND Integration Performance Publisher Plugin versions 4.8.0.143 and earlier Description: The issue concerns the global and unconditional disabling of SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM...

Jenkins plugins Multiple Vulnerabilities (2022-03-29)

According to its their self-reported version number, the version of Jenkins plugins running on the remote web server are Jenkins Bitbucket Server Integration Plugin prior to 3.2.0, Continuous Integration with Toad Edge Plugin prior to 2.4, Coverage/Complexity Scatter Plot Plugin 1.1.1 or earlier,...

Missing permission checks in Jenkins Proxmox Plugin

Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for...

GHSA-2MGJ-MWVF-MPG5 Missing permission checks in Jenkins Proxmox Plugin

Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for...