CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5963 matches found

Packet Storm News•added 2025/10/31 12:0 a.m.•2 views

Windows Persistent Task Scheduler

This Metasploit module establishes persistence by creating a scheduled task to run a payload...

6.9AI score

Exploits0

CVE•added 2025/10/30 6:53 p.m.•6 views

CVE-2025-36137

CVE-2025-36137 affects IBM Sterling Connect:Direct for UNIX (versions 6.2.0.7–6.2.0.9 iFix004; 6.3.0.2–6.3.0.5 iFix002; 6.4.0.0–6.4.0.2 iFix001). The root cause is incorrect permission assignments for maintenance tasks to Control Center Director (CCD) users, which could allow a privileged user to...

7.2CVSS6.5AI score0.0004EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/10/30 2:13 p.m.•2 views

CVE-2025-64142

A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS6.6AI score0.00025EPSS

Exploits0References1

RedhatCVE•added 2025/10/30 2:13 p.m.•2 views

CVE-2025-64141

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS6.7AI score0.00019EPSS

Exploits0References1

vulnersOsv•added 2025/10/30 12:31 p.m.•3 views

apache-airflow (>=3.0.0 <=3.0.4rc2), apache-airflow-providers-common-sql (>=1.25.0 <=1.25.0rc1) +3 more potentially affected by CVE-2025-54941 via apache-airflow-core (>=3.0.0 <=3.0.4rc2)

apache-airflow-core PYPI version =3.0.0, =3.0.0, =1.25.0, =1.0.0, =1.16.0, =1.0.6, =1.0.9 Source cves: CVE-2025-54941 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-13786421...

4.6CVSS5.4AI score0.00181EPSS

Exploits0

EUVD•added 2025/10/29 3:31 p.m.•3 views

EUVD-2025-36657

Jenkins Nexus Task Runner Plugin vulnerable to cross-site request forgery...

4.3CVSS6.3AI score0.00019EPSS

Exploits0References2

Snyk•added 2025/10/29 3:31 p.m.•5 views

Cross-site Request Forgery (CSRF)

Overview org.jenkins-ci.plugins:nexus-task-runner is a This plugin executes Sonatype Nexus scheduled tasks after your build. For example, if you want to refresh your Nexus's repositories index after building your project, you can use execute a Nexus task whose type is "Publish index" using this...

5.4CVSS7AI score0.00019EPSS

Exploits0References2

Github Security Blog•added 2025/10/29 3:31 p.m.•8 views

Jenkins Nexus Task Runner Plugin vulnerable to cross-site request forgery

Jenkins Nexus Task Runner Plugin 0.9.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. Additionally, this endpoint does not require POST...

4.3CVSS6.7AI score0.00019EPSS

Exploits0References4Affected Software1

EUVD•added 2025/10/29 3:31 p.m.•4 views

EUVD-2025-36656

Jenkins Nexus Task Runner Plugin is missing a permission check...

4.3CVSS6.2AI score0.00025EPSS

Exploits0References2

OSV•added 2025/10/29 3:31 p.m.•2 views

GHSA-X2PV-FPH3-PHFX Jenkins Nexus Task Runner Plugin vulnerable to cross-site request forgery

4.3CVSS6.7AI score0.00019EPSS

Exploits0References3

NVD•added 2025/10/29 2:15 p.m.•3 views

CVE-2025-64142

4.3CVSS0.00025EPSS

Exploits0References2

OSV•added 2025/10/29 2:15 p.m.•5 views

CVE-2025-64141

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS5.7AI score0.00019EPSS

Exploits0References2

NVD•added 2025/10/29 2:15 p.m.•4 views

CVE-2025-64141

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS0.00019EPSS

Exploits0References2

OSV•added 2025/10/29 2:15 p.m.•2 views

CVE-2025-64142

4.3CVSS5.8AI score0.00025EPSS

Exploits0References2

Cvelist•added 2025/10/29 1:29 p.m.•6 views

CVE-2025-64142

0.00025EPSS

Exploits0References1

Vulnrichment•added 2025/10/29 1:29 p.m.•1 views

CVE-2025-64142

6.3AI score0.00025EPSS

Exploits0References1

CVE•added 2025/10/29 1:29 p.m.•12 views

CVE-2025-64142

CVE-2025-64142 affects Jenkins Nexus Task Runner Plugin versions 0.9.2 and earlier. Root cause per multiple sources: a missing permission check in the plugin’s HTTP endpoint allows an attacker with Overall/Read permission to cause the controller to connect to an attacker‑specified URL using attac...

4.3CVSS6.3AI score0.00025EPSS

Exploits0References2Affected Software1

Cvelist•added 2025/10/29 1:29 p.m.•6 views

CVE-2025-64141

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

0.00019EPSS

Exploits0References1

CVE•added 2025/10/29 1:29 p.m.•7 views

CVE-2025-64141

CVE-2025-64141 describes a CSRF vulnerability in Jenkins Nexus Task Runner Plugin, affecting versions 0.9.2 and earlier. An attacker can cause the controller to connect to an attacker‑specified URL using attacker‑specified credentials via an HTTP endpoint (CSRF). Exploitation details are not prov...

4.3CVSS6.4AI score0.00019EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2025/10/29 1:29 p.m.•1 views

CVE-2025-64141

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

6.4AI score0.00019EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by