Session Fixation

Jenkins Bitbucket OAuth Plugin is vulnerable to session fixation. The vulnerability is due to the plugin not invalidating the previous session on login, where an attacker can reuse an existing session and gain unauthorized access...

Cross-site Request Forgery

Jenkins Nexus Task Runner Plugin is vulnerable to a Cross-Site Request Forgery CSRF. The vulnerability is due to missing CSRF protection on sensitive plugin endpoints, where crafted requests can trigger actions without user interaction, allowing attackers to force an authenticated Jenkins user to...

XML External Entity (XXE) Injection

Mustang is vulnerable to XML External Entity XXE Injection. The vulnerability is due to improper restriction of external entity references during XML processing, which allows an attacker to exploit XXE attacks to exfiltrate arbitrary files from the affected system...

Stored Cross-site-scripting (XSS)

dotnetnuke.core is vulnerable to cross-site scripting XSS. The vulnerability is due to incomplete sanitization of uploaded SVG file content, which allows an attacker to inject malicious scripts and execute them in a user’s browser...

Information Disclosure

Aircompressor is vulnerable to Information Disclosure. The vulnerability is due to improper handling of malformed compressed data in decompression routines, which allows an attacker to craft input that leaks previous buffer contents and expose sensitive data...

Missing Authorization Checks

org.jenkins-ci.plugins, publish-to-bitbucket is vulnerable to missing authorization checks. The vulnerability is due to a missing permission check when accessing credential-related functionality, which allows an attacker with Overall/Read permission to enumerate credential IDs stored in Jenkins...

Reflected Cross-site Scripting (XSS)

com.liferay.portal, com.liferay.portal.impl are vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper input validation in the googlegadget component, which allows a remote unauthenticated attacker to inject and execute malicious JavaScript in a victim’s browser...

SQL Injection

Mingsoft MCMS is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of user-supplied input in the /mdiy/model/delete URI, which allows an attacker to inject and execute arbitrary SQL commands...

Unrestricted File Upload

dnn.platform is vulnerable to Unrestricted File Upload. The vulnerability is due to the default HTML editor provider allowing unauthenticated file uploads and overwriting of existing files, which allows an attacker to upload malicious files, deface the website, and potentially inject XSS payloads...

SQL Injection

jeecg-boot is vulnerable to SQL Injection. The vulnerability is due to insufficient sanitization of the title parameter in the /sys/dict/loadTreeData endpoint, allowing attackers to inject malicious SQL statements and manipulate backend database queries...

Improper Session Management

Keycloak is vulnerable to improper session management. The vulnerability is due to reuse of session identifiers and improper cleanup during logout when browser cookies are missing, which allows an attacker to gain unauthorized access to another user’s active session and receive their authenticati...

Directory Traversal

Mammoth is vulnerable to Directory Traversal. The vulnerability is due to the lack of path or file type validation when processing DOCX files with externally linked images, which allows an attacker to read arbitrary files on the system or trigger excessive resource consumption by referencing...

Improper Authentication

org.jenkins-ci.plugins, active-directory is vulnerable to improper authentication. The vulnerability is due to the use of a magic constant during password validation, which allows an attacker to log in as any user by using the crafted magic constant as the password...

Denial Of Service (DoS)

org.apache.struts, struts2-core is vulnerable to Denial of Service DoS. The vulnerability is due to a file leak during multipart request processing, which allows an attacker to repeatedly trigger file creation on disk, leading to disk exhaustion and service disruption...

Remote Code Execution (RCE)

org.apache.dubbo:dubbo is vulnerable to Remote Code Execution RCE. The vulnerability is due to insecure deserialization handling in hessian-lite during exception logging, which allows an attacker to execute malicious code through crafted serialized data...

Sensitive Information Exposure

Jenkins ByteGuard Build Actions Plugin is vulnerable to sensitive information exposure. The vulnerability is due to improper masking of API tokens on the job configuration form, which allows an attacker to observe and capture these tokens...

Denial Of Service (DoS)

Liferay Portal and Liferay DXP are vulnerable to denial-of-service DoS. The vulnerability is due to the absence of limits on the number of objects returned from Headless API requests, which allows an attacker to exploit the application by sending requests that retrieve an excessively large number...

OS Command Injection

Jenkins Git Client Plugin is vulnerable to OS Command Injection. The vulnerability is due to improper escaping of the workspace directory path when constructing arguments in a temporary shell script, where an attacker who can control the workspace directory name can inject and execute arbitrary...

SQL Injection

io.dataease, dataease-plugin-common is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the dataSourceId parameter, which allows an attacker to inject and execute arbitrary SQL queries...

Cross-site Scripting (XSS)

Jenkins Coverage Plugin is vulnerable to a stored Cross-Site Scripting. The vulnerability is caused by missing validation of the coverage results ID when configured via the REST API, allowing attackers with Item/Configure permission to inject a javascript: URL that executes in users’ browsers...

Denial Of Service (DoS)

Liferay Portal / Liferay DXP is vulnerable to Denial of Service DoS. The vulnerability is due to the ComboServlet not enforcing limits on the number or size of files it combines, which allows a remote attacker to craft malicious URL query strings that generate extremely large responses...

CSRF Bypass

Jenkins Bitbucket Server Integration Plugin is vulnerable to CSRF Bypass. The vulnerability is due to an overly permissive implementation of an extension point that selectively disables cross-site request forgery CSRF protection for specific URLs, where attackers can craft URLs that would bypass...

Cross-site Scripting (XSS)

com.liferay, com.liferay.dynamic.data.mapping.item.selector.web are vulnerable to cross-site scripting XSS. The vulnerability is due to improper input validation in user name fields First Name, Middle Name, Last Name, which allows a remote attacker to inject arbitrary web scripts or HTML via...

Use Of Hard-coded Cryptographic Key

Apache StreamPark is vulnerable to use of a hard-coded cryptographic key. The vulnerability is due to Apache StreamPark uses an immutable, embedded key for encryption instead of a securely generated or configurable one, allowing attackers who obtain the key through reverse engineering or source...

Path Traversal

Jenkins Redpen – Pipeline Reporter for Jira Plugin is vulnerable to Path Traversal. The vulnerability is due to insufficient path validation of the workspace directory during artifact upload, where the plugin fails to enforce proper directory constraints, allowing attackers with Item/Configure...

Code Injection

org.jenkins-ci.plugins.workflow, puppet-enterprise-pipeline is vulnerable to code injection The vulnerability is due to unsafe values specified in the custom Script Security whitelist, which allows an attacker with the ability to execute Script Security-protected scripts to execute arbitrary code...

Uncontrolled Resource Consumption

Apache Commons Configuration is vulnerable to Uncontrolled Resource Consumption. The vulnerability is due to multiple design issues in the configuration loading and processing logic, where loading untrusted configuration files or allowing attacker-controlled usage patterns can trigger excessive C...

Remote Code Execution (RCE)

org.apache.hugegraph, hg-pd-core is vulnerable to a Remote Code Execution. The vulnerability is due to insecure Hessian deserialization in the Raft cluster membership logic, where a malicious Raft node can send crafted objects that bypass type safety and trigger unsafe deserialization and attacke...

Improper Restriction Of Command Execution

org.jenkins-ci.plugins, azure-cli is vulnerable to improper restriction of command execution. The vulnerability is due to insufficient validation of executed commands, which allows an attacker with Item/Configure permission to execute arbitrary shell commands on the Jenkins controller...

Remote Code Execution (RCE)

MySQL Connector/J is vulnerable to Remote Code Execution RCE. The vulnerability is due to an unspecified flaw in Connector/J that allows an unauthenticated attacker with network access to compromise the connector through user interaction, potentially resulting in complete takeover of the affected...

XML External Entity (XXE) Injection

Jenkins Semantic Versioning Plugin is vulnerable to XML External Entity XXE Injection. The vulnerability is due to improper validation of controller/agent messages and unrestricted parsing of attacker-controlled files containing external entities, allowing attackers controlling agent processes to...

Denial Of Service

Eclipse Jetty is vulnerable to Denial of Service. The vulnerability is due to improper handling of malformed or illegal HTTP/2 frames such as invalid WINDOWUPDATE frames, which allows an attacker to repeatedly trigger RSTSTREAM responses and exhaust server CPU and memory resources...

Missing Authorization

Jenkins MCP Server Plugin is vulnerable to Missing Authorization. The vulnerability is due to missing permission checks in multiple MCP tools, which allows an attacker to trigger builds and access sensitive information related to job and cloud configurations without proper authorization...

Spoofing

Microsoft JDBC Driver for SQL Server is vulnerable to Spoofing. The vulnerability is due to improper input validation, allowing an unauthorized network attacker to spoof identities or responses during communication with the SQL Server...

Cleartext Password Disclosure

Apache Syncope is vulnerable to Cleartext Password Disclosure. The issue arises from use of a hard-coded default AES key when AES-based password storage is enabled, allowing an attacker with access to the internal database to decrypt and recover user passwords...

Cross-site Request Forgery (CSRF)

org.jenkins-ci.plugins, publish-to-bitbucket is vulnerable to cross-site request forgery CSRF. The vulnerability is due to missing CSRF protection in the plugin configuration endpoints, which allows an attacker to force a victim to connect Jenkins to an attacker-controlled URL using...

Path Traversal

Robocode is vulnerable to Path Traversal. The vulnerability is due to improper sanitization of file paths in the recursivelyDelete method of the CacheCleaner component, allowing attackers to manipulate file paths and traverse directories to delete arbitrary files on the system...

Sensitive Information Exposure

org.jenkins-ci.plugins, curseforge-publisher is vulnerable to sensitive information exposure. The vulnerability is due to improper masking of API keys on the job configuration form, which allows an attacker to observe and capture the exposed credentials...

XML External Entity (XXE)

org.jenkins-ci.plugins, jdepend is vulnerable to XML External Entity XXE. The vulnerability is due to improper configuration of the XML parser that does not disable external entity processing, which allows an attacker to exploit crafted XML input to access sensitive information or perform...

Authorization Bypass

Jenkins Nexus Task Runner Plugin is vulnerable to an Authorization Bypass. The vulnerability is due to a missing permission check, allowing attackers with only Overall/Read permission to force the plugin to connect to an attacker-controlled URL using attacker-supplied credentials, potentially...

Cross-site Scripting (XSS)

Jenkins Applitools Eyes Plugin is vulnerable to Cross-site Scripting XSS. The vulnerability is due to the plugin not escaping the Applitools URL on the build page, where attackers with Item/Configure permission can exploit it to inject malicious scripts...

Improper Access Control

Liferay Portal is vulnerable to improper access control. The vulnerability is due to APIs not restricting access before a user verifies their email address, which allows a remote attacker to access and modify content through the API without proper verification...

Authorization Bypass

Jenkins global-build-stats Plugin is vulnerable to Authorization Bypass. The vulnerability is due to missing permission checks in REST API endpoints, where the plugin exposes graph-related APIs without validating the caller’s authorization, and allows attackers with Overall/Read permission to...

Cross-Site Scripting (XSS)

Jenkins Gatling is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to bypass of Content-Security-Policy protections when serving Gatling reports, which allows an attacker to inject and execute malicious scripts through modified report content...

XML External Entity (XXE) Injection

org.wso2.am:am-distribution-parent are vulnerable to XML External Entity XXE Injection. The vulnerability is due to improper configuration of the XML parser without sufficient restrictions, which allows an attacker to supply malicious XML to read sensitive files or trigger denial-of-service...

Authentication Bypass

Jenkins SAML Plugin is vulnerable to Authentication Bypass. The vulnerability is due to the absence of a replay cache in the SAML authentication flow, allowing attackers who capture SAML authentication messages to replay them and authenticate to Jenkins as the affected user...

XML External Entity (XXE)

GeoServer is vulnerable to XML External Entity XXE. The vulnerability is due to improper handling of XML entity resolution in schema parsing, which allows an attacker to exploit external entity references to access sensitive data or perform unauthorized actions...

Jeecg-boot SQL Injection Vulnerability

A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...

Arbitrary File Upload

net.mingsoft, ms-mcms is vulnerable to Arbitrary File Upload. The vulnerability is due to improper validation of uploaded files in the /ms/template/writeFileContent.do component, which allows an attacker to upload arbitrary files and potentially execute malicious code on the server...

XML External Entity (XXE) Injection

Jenkins TestComplete support Plugin is vulnerable to XML External Entity XXE Injection. The vulnerability is due to the XML parser not being securely configured to disable external entity processing, allowing attackers to supply crafted XML that can access local files or trigger external network...