20 matches found
EUVD-2023-1583
Malicious code in bioql PyPI...
EUVD-2022-2729
Malicious code in bioql PyPI...
EUVD-2022-4397
Malicious code in bioql PyPI...
CVE-2023-24438
A missing permission check in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkin...
CVE-2021-21664
An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored i...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline restFul API Plugin 0.11 and earlier allows attackers to connect to an attacker-specified URL, capturing a newly generated JCLI token...
Design/Logic Flaw
A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2023-24459
A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
Exploit for Code Injection in Apache Commons_Text
CVE-2022-42889 aka text4shell PoC for recently discovered vu...
CVE-2022-36907
A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...
CVE-2022-36912
A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
PT-2022-18292 · Jenkins · Jenkins Extended Choice Parameter Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Extended Choice Parameter Plugin versions 346.vd87693c5a_86c and earlier. Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL. The form validation...
CVE-2022-25195
A missing permission check in Jenkins autonomiq Plugin 1.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2021-21637
A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2020-2255
A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
Design/Logic Flaw
A missing permission check in Jenkins Dynatrace Application Monitoring Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
Microsoft Windows: Turn off Registration (URL connection refers to Microsoft.com)
This test checks the setting for the policy "Turn off Registration (if URL connection is referring to Microsoft.com)". OpenVAS Vulnerability Test $Id: winnoregistration.nasl 11337 2018-09-11 14:23:53Z emoss $. Authors: Emanuel Moss. Copyright: Copyright (c) 2018 Greenbone Networks GmbH,...
Microsoft Windows: Turn off Internet Connection Wizard (if refers to Microsoft.com)
This test checks the setting for the policy "Turn off Internet Connection Wizard (if URL connection is referring to Microsoft.com)". OpenVAS Vulnerability Test $Id: wininetconnectionwizard.nasl 11337 2018-09-11 14:23:53Z emoss $. Authors: Emanuel Moss. Copyright: Copyright (c) 2018 Greenbone...
Apache Commons Jelly connects to a URL with certain custom DOCTYPE definitions.
Severity: Medium. Vendor: The Apache Software Foundation. Versions Affected: commons-jelly-1.0 core, namely commons-jelly-1.0.jar. Description: During Jelly XML file parsing with Xerces, if a custom DOCTYPE entity is declared with a 'SYSTEM' entity with a URL and that entity is used in the body of t...