43 matches found

NVD
added 2026/05/29 11:16 a.m. · 9 views

CVE-2025-12714

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the updatesiteeditorhomepage function in all versions up to, and including, 1.0.271. This makes it possible for unauthenticated attackers to...

CVSS 5.3 · EPSS 0.00075
Exploits: 0 · References: 6

EUVD
added 2026/05/29 9:28 a.m. · 7 views

EUVD-2025-209984

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the updatesiteeditorhomepage function in all versions up to, and including, 1.0.271. This makes it possible for unauthenticated attackers to...

CVSS 5.3 · AI score 5.8 · EPSS 0.00075
Exploits: 0 · References: 6

Positive Technologies
added 2026/05/29 12:0 a.m. · 5 views

PT-2026-44796

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the update site editor homepage function in all versions up to, and including, 1.0.271. This makes it possible for unauthenticated attackers to...

CVSS 5.3 · AI score 5.8 · EPSS 0.00075
Exploits: 0 · References: 7

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-3408

Malicious code in bioql PyPI...

CVSS 4.8 · AI score 5.3 · EPSS 0.00292
Exploits: 0 · References: 8

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-2549

Malicious code in bioql PyPI...

CVSS 5 · AI score 6.1 · EPSS 0.00162
Exploits: 0 · References: 7

OSV
added 2025/01/25 8:15 a.m. · 2 views

CVE-2024-13368

The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the youzifyofferbanner function in all versions up to, and including, 1.3.2. This makes it possible for...

CVSS 4.3 · AI score 5.7 · EPSS 0.00209
Exploits: 0 · References: 2

Positive Technologies
added 2025/01/25 12:0 a.m. · 1 views

PT-2025-2136 · WordPress · Youzify

Name of the Vulnerable Software and Affected Versions: Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress versions up to, and including, 1.3.2
Description: The issue is related to unauthorized access due to a missing capability check on the youzify offe...

CVSS 4.3 · AI score 7 · EPSS 0.00209
Exploits: 0 · References: 8

CNNVD
added 2024/12/12 12:0 a.m. · 2 views

Microsoft Update Catalog code issue vulnerability

The Microsoft Update Catalog is an update Web site from the U.S.-based Microsoft Corporation Microsoft. It is used to provide the company with a list of patches, drivers and software. Microsoft Update Catalog suffers from a deserialization vulnerability that originates from deserializing untruste...

CVSS 9.8 · AI score 6.6 · EPSS 0.00591
Exploits: 0 · References: 1

NVD
added 2023/03/10 9:15 p.m. · 15 views

CVE-2023-27898

Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS)...

CVSS 9.6 · AI score 8.8 · EPSS 0.02384
Exploits: 0 · References: 1

SUSE CVE
added 2023/02/15 5:13 a.m. · 1 views

SUSE CVE-2015-7539

The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin...

CVSS 7.6 · AI score 8.6 · EPSS 0.00768
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 5:4 a.m. · 1 views

SUSE CVE-2016-3725

Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption)...

CVSS 5 · AI score 9.1 · EPSS 0.00162
Exploits: 0 · References: 3

OSV
added 2022/05/24 4:55 p.m. · 1 views

GHSA-9M48-54PJ-H248 Improper Neutralization of Input During Web Page Generation in Jenkins

A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages...

CVSS 4.8 · AI score 7.1 · EPSS 0.00292
Exploits: 0 · References: 7

Github Security Blog
added 2022/05/14 3:57 a.m. · 29 views

Missing permissions check in Jenkins Core

Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption)...

CVSS 5 · AI score 4.7 · EPSS 0.00162
Exploits: 0 · References: 6 · Affected Software: 1

OSV
added 2022/05/13 1:30 a.m. · 0 views

GHSA-X274-9M9R-FM5G Jenkins does not Verify Checksums for Plugin Files

The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin...

CVSS 7.5 · AI score 7.4 · EPSS 0.00768
Exploits: 0 · References: 10

OSV
added 2020/01/21 5:15 p.m. · 2 views

CVE-2020-7213

Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Users of out-of-date versions are presented with a pop-up window for a parallelsupdates.xml file on the http://update.parallels.com web site...

CVSS 7.5 · AI score 7.2 · EPSS 0.00248
Exploits: 1 · References: 3

RedHat Linux
added 2019/10/18 1:35 a.m. · 1 views

jenkins: stored cross-site scripting in update center web pages (SECURITY-1453)

A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages...

CVSS 4.8 · AI score 7.2 · EPSS 0.00292
Exploits: 0 · References: 5

RedHat Linux
added 2019/09/20 10:41 a.m. · 1 views

jenkins: stored cross-site scripting in update center web pages (SECURITY-1453)

A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages...

CVSS 4.8 · AI score 7.2 · EPSS 0.00292
Exploits: 0 · References: 5

Positive Technologies
added 2019/08/28 12:0 a.m. · 3 views

PT-2019-11778 · Cloudbees +1 · Jenkins

Name of the Vulnerable Software and Affected Versions:
Jenkins versions 2.191 and earlier
Jenkins LTS versions 2.176.2 and earlier
Description: A stored cross-site scripting issue allows attackers with Overall/Administer permission to inject arbitrary HTML and JavaScript in update center web page...

CVSS 4.8 · AI score 5.4 · EPSS 0.00292
Exploits: 0 · References: 10

exploitpack
added 2019/03/04 12:0 a.m. · 19 views

OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery

Exploit Title: OOP CMS BLOG 1.0 - Cross-Site Request Forgery Delete Admin
Exploit Author: Mr Winst0n
Author E-mail: [email protected]
Discovery Date: March 1, 2019
Vendor Homepage: http://zsoft.com.bd/
Software Link :...

AI score 0.3
Exploits: 0

Exploit DB
added 2019/03/04 12:0 a.m. · 79 views

OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery

Exploit Title: OOP CMS BLOG 1.0 - Cross-Site Request Forgery Delete Admin
Exploit Author: Mr Winst0n
Author E-mail: [email protected]
Discovery Date: March 1, 2019
Vendor Homepage: http://zsoft.com.bd/
Software Link :...

AI score 7.4
Exploits: 0