Windows Persistent Task Scheduler

This Metasploit module establishes persistence by creating a scheduled task to run a payload...

📄 Windows Persistent Task Scheduler

This Metasploit module establishes persistence by creating a scheduled task to run a payload. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Persistent Task Scheduler', 'Description' =...

CVE-2025-36137

CVE-2025-36137 affects IBM Sterling Connect:Direct for UNIX (versions 6.2.0.7–6.2.0.9 iFix004; 6.3.0.2–6.3.0.5 iFix002; 6.4.0.0–6.4.0.2 iFix001). The root cause is incorrect permission assignments for maintenance tasks to Control Center Director (CCD) users, which could allow a privileged user to...

CVE-2025-64141

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

CVE-2025-64142

A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

apache-airflow (>=3.0.0 <=3.0.4rc2), apache-airflow-providers-common-sql (>=1.25.0 <=1.25.0rc1) +3 more potentially affected by CVE-2025-54941 via apache-airflow-core (>=3.0.0 <=3.0.4rc2)

apache-airflow-core PYPI version =3.0.0, =3.0.0, =1.25.0, =1.0.0, =1.16.0, =1.0.6, =1.0.9 Source cves: CVE-2025-54941 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-13786421...

Jenkins Nexus Task Runner Plugin vulnerable to cross-site request forgery

Jenkins Nexus Task Runner Plugin 0.9.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. Additionally, this endpoint does not require POST...

EUVD-2025-36656

Jenkins Nexus Task Runner Plugin is missing a permission check...

Cross-site Request Forgery (CSRF)

Overview org.jenkins-ci.plugins:nexus-task-runner is a This plugin executes Sonatype Nexus scheduled tasks after your build. For example, if you want to refresh your Nexus's repositories index after building your project, you can use execute a Nexus task whose type is "Publish index" using this...

EUVD-2025-36657

Jenkins Nexus Task Runner Plugin vulnerable to cross-site request forgery...

GHSA-X2PV-FPH3-PHFX Jenkins Nexus Task Runner Plugin vulnerable to cross-site request forgery

Jenkins Nexus Task Runner Plugin 0.9.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. Additionally, this endpoint does not require POST...

CVE-2025-64141

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

CVE-2025-64142

A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

CVE-2025-64141

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

CVE-2025-64142

A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

CVE-2025-64142

CVE-2025-64142 affects Jenkins Nexus Task Runner Plugin versions 0.9.2 and earlier. Root cause per multiple sources: a missing permission check in the plugin’s HTTP endpoint allows an attacker with Overall/Read permission to cause the controller to connect to an attacker‑specified URL using attac...

CVE-2025-64142

A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

CVE-2025-64142

A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

CVE-2025-64141

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

CVE-2025-64141

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...