24 matches found
EUVD-2025-14883
Malicious code in bioql PyPI...
CVE-2019-10446
Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM...
CVE-2025-47886
A cross-site request forgery (CSRF) vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...
Missing Authorization
Overview: org.jenkins-ci.plugins:vmanager-plugin is a Jenkins plugin that integrates Jenkins with Cadence vManager. Affected versions of this package are vulnerable to Missing Authorization. An attacker with Overall/Read permission can connect to an attacker-specified URL using attacker-specified...
Cross-site Request Forgery (CSRF)
Overview: org.jenkins-ci.plugins:vmanager-plugin is a Jenkins plugin that integrates Jenkins with Cadence vManager. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the connection configuration process. An attacker can manipulate the plugin to connect to a...
Jenkins Cadence vManager Plugin is Missing Permission Checks
Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...
PT-2025-21240 · Jenkins · Jenkins Cadence Vmanager Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Cadence vManager Plugin versions 4.0.1-286.v9e25a740ba48 and earlier. Description: The issue is related to missing permission checks in the Jenkins Cadence vManager Plugin, which allows attackers with Overall/Read permission to...
Jenkins plugin Cadence vManager Cross-Site Request Forgery Vulnerability
Jenkins and Jenkins plugin are both open source Jenkins products. Jenkins is an open source automation server application; it provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security vulnerability...
Cleartext Storage of Sensitive Information
Overview: org.jenkins-ci.plugins:vmanager-plugin is a Jenkins plugin that integrates Jenkins with Cadence vManager. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in job config.xml files on the Jenkins controller. An attacker can gain unauthorized acce...
GHSA-X9HJ-Q7XV-FV4V Jenkins Cadence vManager Plugin Stores Verisium Manager vAPI keys Unencrypted
Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins...
CVE-2025-31724
Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
SUSE CVE-2020-2243
Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission...
GHSA-V46Q-XJP5-7P6R Stored XSS vulnerability in Jenkins Cadence vManager Plugin
Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission. Cadence vManager Plugin 3.0.5 removes affected tooltips...
Jenkins Cadence vManager Plugin disables SSL/TLS and hostname verification
Jenkins Cadence vManager Plugin prior to version 2.7.1 disables SSL/TLS and hostname verification globally for the Jenkins master JVM. This issue is patched in 2.7.1...
CloudBees Jenkins XSS Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and the execution of some scheduled tasks. An XSS vulnerability exists i...
CVE-2020-2243
Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission...