Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

57 matches found

EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2022-4004

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00066EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2025/05/22 7:11 p.m.6 views

CVE-2021-21662

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...

4.3CVSS6.4AI score0.00119EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/22 6:19 p.m.6 views

CVE-2021-21665

A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins...

8.8CVSS6.6AI score0.00074EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/22 10:25 a.m.8 views

CVE-2019-10305

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the CredentialdoValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

6.5CVSS6.5AI score0.0003EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/22 9:15 a.m.1 views

CVE-2019-10304

A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the CredentialdoValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server...

6.5CVSS6.6AI score0.00066EPSS
Exploits0References1
OSV
OSVadded 2022/05/24 10:1 p.m.22 views

GHSA-H246-G39X-7VMX Missing permission check in Jenkins XebiaLabs XL Deploy Plugin allows enumerating credentials IDs

Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture t...

4.3CVSS4.3AI score0.00119EPSS
Exploits0References5
Github Security Blog
Github Security Blogadded 2022/05/24 10:1 p.m.20 views

Missing permission check in Jenkins XebiaLabs XL Deploy Plugin allows enumerating credentials IDs

Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture t...

4.3CVSS4.8AI score0.00119EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blogadded 2022/05/24 7:4 p.m.25 views

Incorrect permission check in XebiaLabs XL Deploy Plugin allows capturing credentials

An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored i...

6.5CVSS6.3AI score0.00047EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blogadded 2022/05/24 7:4 p.m.26 views

Missing permission check in Jenkins XebiaLabs XL Deploy Plugin allows capturing credentials

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in...

4.3CVSS4.9AI score0.00117EPSS
Exploits0References4Affected Software1
OSV
OSVadded 2022/05/24 7:4 p.m.14 views

GHSA-38PM-74XC-PHCW CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin allows capturing credentials

A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins...

8CVSS8.7AI score0.00074EPSS
Exploits0References4
OSV
OSVadded 2022/05/24 7:4 p.m.14 views

GHSA-6MPP-CM3V-23VV Missing permission check in Jenkins XebiaLabs XL Deploy Plugin allows capturing credentials

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in...

4.3CVSS4.3AI score0.00117EPSS
Exploits0References4
OSV
OSVadded 2022/05/24 7:4 p.m.17 views

GHSA-JM4G-8RVQ-V87J Incorrect permission check in XebiaLabs XL Deploy Plugin allows capturing credentials

An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored i...

6.5CVSS6.2AI score0.00047EPSS
Exploits0References5
Github Security Blog
Github Security Blogadded 2022/05/24 7:4 p.m.31 views

CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin allows capturing credentials

A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins...

8.8CVSS7.4AI score0.00074EPSS
Exploits0References4Affected Software1
OSV
OSVadded 2022/05/24 4:43 p.m.13 views

GHSA-GRPP-GX5H-PVH8 Jenkins XebiaLabs XL Deploy Plugin vulnerable to Cross-site request forgery (CSRF)

A missing permission check in a form validation method in Jenkins XebiaLabs XL Deploy Plugin allows users with Overall/Read permission to initiate a connection test to an attacker-specified server with attacker-specified credentials. Additionally, the form validation method does not require POST...

4.3CVSS6.3AI score0.00066EPSS
Exploits0References4
OSV
OSVadded 2022/05/24 4:43 p.m.14 views

GHSA-44W7-GH9C-4QVR Missing permission check in Jenkins XebiaLabs XL Deploy Plugin

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the CredentialdoValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

6.5CVSS6.2AI score0.0003EPSS
Exploits0References4
Github Security Blog
Github Security Blogadded 2022/05/24 4:43 p.m.20 views

Jenkins XebiaLabs XL Deploy Plugin vulnerable to Cross-site request forgery (CSRF)

A missing permission check in a form validation method in Jenkins XebiaLabs XL Deploy Plugin allows users with Overall/Read permission to initiate a connection test to an attacker-specified server with attacker-specified credentials. Additionally, the form validation method does not require POST...

6.5CVSS6.6AI score0.00066EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blogadded 2022/05/24 4:43 p.m.26 views

Missing permission check in Jenkins XebiaLabs XL Deploy Plugin

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the CredentialdoValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

6.5CVSS6.8AI score0.0003EPSS
Exploits0References5Affected Software1
CNVD
CNVDadded 2021/06/16 12:0 a.m.13 views

Jenkins Cross-Site Request Forgery Vulnerability (CNVD-2021-49068)

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . The Jenkins XebiaLabs XL Deploy Plugin suffers from a cross-site request forgery vulnerability that stems from a...

8.8CVSS6.6AI score0.00074EPSS
Exploits0References1
OSV
OSVadded 2021/06/10 3:15 p.m.14 views

CVE-2021-21663

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in...

4.3CVSS6.4AI score
Exploits0References2
NVD
NVDadded 2021/06/10 3:15 p.m.10 views

CVE-2021-21663

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in...

4.3CVSS0.00117EPSS
Exploits0References2
Rows per page
Query Builder