Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

OSV
OSVadded 2024/04/18 2:43 p.m.1 views

CVE-2024-29021 SSRF into Sandbox Escape through Unsafe Default Configuration

Judge0 is an open-source online code execution system. The default configuration of Judge0 leaves the service vulnerable to a sandbox escape via Server Side Request Forgery SSRF. This allows an attacker with sufficient access to the Judge0 API to obtain unsandboxed code execution as root on the...

9CVSS7.7AI score0.01631EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2021/11/29 10:40 a.m.2 views

jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin

An incorrect permissions validation vulnerability was found in Jenkins. An agent process read/write access to the libs/ directory inside build directories when using the FilePath APIs is not limited. This allows attackers in control of agent processes to replace the code of a trusted library with...

9.8CVSS6.1AI score0.00954EPSS
Exploits0References5
NVD
NVDadded 2021/11/04 5:15 p.m.11 views

CVE-2021-21696

Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results i...

9.8CVSS0.00954EPSS
Exploits0References2
Prion
Prionadded 2021/11/04 5:15 p.m.23 views

Code injection

Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results i...

7.5CVSS9.4AI score0.00954EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVEadded 2021/11/04 4:52 p.m.42 views

CVE-2021-21696

An incorrect permissions validation vulnerability was found in Jenkins. An agent process read/write access to the libs/ directory inside build directories when using the FilePath APIs is not limited. This allows attackers in control of agent processes to replace the code of a trusted library with...

9.8CVSS9.2AI score0.00954EPSS
Exploits0References4
ThreatPost
ThreatPostadded 2019/08/30 3:48 p.m.144 views

iPhone Zero-Days Anchored Watering-Hole Attacks

A total of 14 iPhone vulnerabilities – including two that were zero-days when discovered — have been targeted by five exploit chains in a watering hole attack that has lasted years. The watering holes deliver a spyware implant that can steal private data like iMessages, photos and GPS location in...

9.3CVSS8.3AI score0.04869EPSS
Exploits2References6
Node.js
Node.jsadded 2016/08/25 1:5 p.m.28 views

Arbitrary Code Injection

Overview Affected versions of pouchdb do not properly sandbox the code execution engine which executes the map/reduce functions for temporary views and design documents. Under certain circumstances, an attacker could uses this to run arbitrary code on the server. Recommendation Update to version...

10CVSS6.3AI score0.00931EPSS
Exploits0Affected Software1
Rows per page
Query Builder