
38108 matches found

Veracode, added 2025/12/13 4:48 a.m., 4 views

Information Disclosure

Jenkins Git Client Plugin is vulnerable to an Information Disclosure. The vulnerability is due to differential form validation behavior, where Git URL validation responses vary based on whether an attacker-specified file path exists on the Jenkins controller when using the amazon-s3 protocol,...

CVSS 4.3 | AI score 6.9 | EPSS 0.00106
Exploits 0 | References 3 | Affected software 1

Veracode, added 2025/12/13 4:48 a.m., 5 views

Remote Code Execution (RCE)

Keycloak is vulnerable to Remote Code Execution RCE. The vulnerability is due to insecure default binding of the debug JDWP port to all network interfaces in debug mode, which allows an attacker on the same network to attach a debugger and execute arbitrary code...

CVSS 6.8 | AI score 6.1 | EPSS 0.00012
Exploits 0 | References 9 | Affected software 1

Veracode, added 2025/12/13 4:48 a.m., 3 views

SQL Injection

Liferay Portal is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of user input in the title field of the Friendly URL module, which allows an attacker to inject and execute arbitrary SQL commands...

CVSS 9.8 | AI score 7.6 | EPSS 0.00815
Exploits 0 | References 7 | Affected software 3

Veracode, added 2025/12/13 4:46 a.m., 3 views

Cross-Site Request Forgery (CSRF)

Liferay Portal is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to improper validation of requests in the Headless API endpoint parameter, which allows a remote attacker to execute arbitrary Headless API calls by crafting a malicious request...

CVSS 7 | AI score 6.1 | EPSS 0.00023
Exploits 0 | References 3 | Affected software 1

Veracode, added 2025/12/13 4:45 a.m., 4 views

XML External Entity (XXE)

org.wso2.carbon.mediation, org.wso2.carbon.localentry is vulnerable to XML External Entity XXE. The vulnerability is due to improper XML parser configuration without sufficient restrictions on external entity resolution, which allows an unauthenticated remote attacker to read sensitive files or...

CVSS 9.1 | AI score 5.8 | EPSS 0.00082
Exploits 0 | References 4 | Affected software 1

Veracode, added 2025/12/13 4:44 a.m., 3 views

Path Traversal

cn.dreampie:resty is vulnerable to Path Traversal. The vulnerability is due to improper validation of the filename parameter in the HttpClient module, which allows an attacker to manipulate file paths and access unauthorized files on the system...

CVSS 8.1 | AI score 5.8 | EPSS 0.00316
Exploits 1 | References 6 | Affected software 1

Veracode, added 2025/12/13 4:44 a.m., 3 views

Authorization Bypass

Jenkins OpenTelemetry Plugin is vulnerable to Authorization Bypass. The vulnerability is due to the plugin allows users with only Overall/Read permission to invoke functionality that connects to attacker-specified URLs using attacker-controlled credential IDs, and enables attackers to capture or...

CVSS 4.2 | AI score 6.5 | EPSS 0.00035
Exploits 0 | References 2 | Affected software 1

Veracode, added 2025/12/13 4:43 a.m., 3 views

SQL Injection

Jeecg-boot is vulnerable to SQL Injection. The vulnerability is due to insufficient sanitization of the code parameter in the /sys/user/queryUserComponentData endpoint, allowing attackers to inject malicious SQL statements and manipulate backend database queries...

CVSS 9.8 | AI score 7.4 | EPSS 0.01031
Exploits 1 | References 2 | Affected software 2

Veracode, added 2025/12/13 4:43 a.m., 3 views

Server-Side Template Injection (SSTI)

net.mingsoft, ms-mcms is vulnerable to Server-Side Template Injection SSTI. The vulnerability is due to improper handling of user-supplied input in the Template Management module, which allows an attacker to inject and execute arbitrary template code on the server...

CVSS 9.1 | AI score 7.7 | EPSS 0.10736
Exploits 1 | References 2 | Affected software 1

Veracode, added 2025/12/13 4:43 a.m., 4 views

Remote Code Execution

Mingsoft MCMS is a Java CMS. Versions prior to and including 5.2.5 contain a file upload vulnerability allowing for a jspx webshell to be uploaded via net.mingsoft.basic.action.web.FileActionupload, resulting in remote code execution. It is unclear if this issue has been patched...

CVSS 9.8 | AI score 7.4 | EPSS 0.06397
Exploits 1 | References 2 | Affected software 1

Veracode, added 2025/12/13 4:43 a.m., 5 views

Insertion Of Sensitive Information

Jenkins Kryptowire Plugin is vulnerable to insertion of sensitive information. The vulnerability is due to storing the Kryptowire API key in an unencrypted global configuration file, which allows an attacker with access to the Jenkins controller file system to retrieve the API key...

CVSS 6.5 | AI score 5.8 | EPSS 0.00105
Exploits 0 | References 4 | Affected software 1

Veracode, added 2025/12/13 4:43 a.m., 5 views

Stored Cross-Site Scripting

Liferay Portal and Liferay DXP are vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to insufficient sanitization of user-controlled input, where the name of a fieldset in Kaleo Forms Admin is stored without proper escaping, allowing an authenticated attacker to persistently...

CVSS 6.1 | AI score 5.7 | EPSS 0.00044
Exploits 0 | References 3 | Affected software 1

Veracode, added 2025/12/13 4:42 a.m., 2 views

Information Exposure

Liferay Portal is vulnerable to information exposure. The vulnerability is due to improper logging in the LDAP import feature, which allows a local attacker to view user email addresses stored in application log files...

CVSS 5.4 | AI score 5.8 | EPSS 0.00031
Exploits 0 | References 4 | Affected software 1

Veracode, added 2025/12/13 4:42 a.m., 3 views

Improper Access Control

com.blazemeter.plugins, BlazeMeterJenkinsPlugin is vulnerable to Improper Access Control. The vulnerability is due to insufficient permission checks in the Jenkins UI, which allows an attacker to view sensitive resource identifiers such as credential IDs, workspaces, and project IDs without prope...

CVSS 5.3 | AI score 5.9 | EPSS 0.00058
Exploits 0 | References 3 | Affected software 1

Veracode, added 2025/12/13 4:40 a.m., 4 views

Path Traversal

io.github.wwwlike, vlife-base is vulnerable to Path Traversal. The vulnerability is due to improper validation of the fileName argument in the create function of SysFileApi.java, which allows a remote attacker to manipulate file paths and perform unauthorized file access via path traversal...

CVSS 6.9 | AI score 6.1 | EPSS 0.00051
Exploits 0 | References 5 | Affected software 1

Veracode, added 2025/12/13 4:40 a.m., 4 views

SQL Injection

Apache Hive is vulnerable to SQL Injection. The vulnerability is due to improper handling of delete column statistics requests via Thrift APIs, which allows an authorized attacker to inject malicious SQL queries and manipulate backend database operations...

CVSS 5.4 | AI score 5.9 | EPSS 0.0012
Exploits 0 | References 5 | Affected software 2

Veracode, added 2025/12/13 4:39 a.m., 8 views

Denial Of Service (DoS)

org.jenkins-ci.main, jenkins-core is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling and closure of corrupted HTTP-based CLI connection streams, which allows an unauthenticated attacker to trigger a denial of service by sending malformed or corrupted connection...

CVSS 7.5 | AI score 5.5 | EPSS 0.00178
Exploits 0 | References 4 | Affected software 2

Veracode, added 2025/12/13 4:38 a.m., 5 views

Missing Authorization

PowerJob is vulnerable to Missing Authorization. The vulnerability is due to insufficient authorization checks in the /openApi/runJob endpoint of OpenAPIController, allowing remote attackers to invoke job execution without proper authentication or authorization...

CVSS 7.5 | AI score 6.3 | EPSS 0.00037
Exploits 0 | References 3 | Affected software 1

Veracode, added 2025/12/13 4:36 a.m., 1 view

Improper Authentication

org.jenkins-ci.plugins, active-directory is vulnerable to improper authentication. The vulnerability is due to improper handling of cached successful authentications in Windows/ADSI mode, which allows an attacker to log in as any user using any password while the valid authentication session...

CVSS 9.8 | AI score 7.3 | EPSS 0.00181
Exploits 0 | References 4 | Affected software 1

Veracode, added 2025/12/13 4:36 a.m., 5 views

Improper Session Invalidation

org.keycloak, keycloak-services is vulnerable to Improper session invalidation. The vulnerability is due to offline sessions remaining valid even after the offline_access scope is removed from the client, which allows an attacker with an existing offline refresh token to continue requesting new...

CVSS 5.4 | AI score 6.6 | EPSS 0.00061
Exploits 0 | References 10 | Affected software 1

Veracode, added 2025/12/13 4:36 a.m., 3 views

Permission Bypass

Jenkins Folder-based Authorization Strategy Plugin is vulnerable to Permission Bypass. The vulnerability is due to the plugin not verifying that permissions configured to be granted are enabled, where users formerly granted optional permissions can access functionality they're no longer entitled...

CVSS 6.8 | AI score 5.8 | EPSS 0.00061
Exploits 0 | References 2 | Affected software 1

Veracode, added 2025/12/13 4:36 a.m., 3 views

Insecure Deserialization

org.keycloak, keycloak-ldap-federation is vulnerable to insecure deserialization. The vulnerability is due to improper handling of untrusted Java object deserialization in a malicious LDAP server configuration, which allows an authenticated realm administrator to trigger the execution of arbitrar...

CVSS 5.5 | AI score 6.1 | EPSS 0.00062
Exploits 0 | References 11 | Affected software 1

Veracode, added 2025/12/13 4:36 a.m., 4 views

Cross-Site Scripting (XSS)

com.liferay, com.liferay.account.admin.web is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input validation in the Account Role “Title” and Organization “Name” fields, which allows an attacker to inject crafted HTML or JavaScript payloads that execute when users vi...

CVSS 5.4 | AI score 5.9 | EPSS 0.00031
Exploits 0 | References 5 | Affected software 1

Veracode, added 2025/12/13 4:35 a.m., 2 views

Server-Side Request Forgery (SSRF)

PowerJob is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of the targetIp and targetPort parameters in the checkConnectivity function of PingPongUtils, allowing attackers to trigger server-side network requests to arbitrary destinations...

CVSS 9.8 | AI score 5.9 | EPSS 0.00022
Exploits 1 | References 8 | Affected software 1

Veracode, added 2025/12/13 4:35 a.m., 3 views

Remote Code Execution (RCE)

net.mingsoft, ms-mcms is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper validation in the Template Management function, which allows an attacker to execute arbitrary code via a crafted payload...

CVSS 9.8 | AI score 7.7 | EPSS 0.10718
Exploits 1 | References 3 | Affected software 1

Veracode, added 2025/12/13 4:35 a.m., 6 views

Cross-site Request Forgery (CSRF)

org.jenkins-ci.plugins, themis is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to insufficient validation of user requests, which allows an attacker to trick users into initiating connections to an attacker-controlled HTTP server...

CVSS 4.3 | AI score 5.8 | EPSS 0.00023
Exploits 0 | References 3 | Affected software 1

Veracode, added 2025/12/13 4:35 a.m., 4 views

Password Enumeration

Liferay Portal is vulnerable to password enumeration. The vulnerability is due to insufficient protection against brute-force attempts, which allows an attacker to systematically guess and determine a user’s password even when account lockout mechanisms are enabled...

CVSS 6.3 | AI score 5.7 | EPSS 0.00016
Exploits 0 | References 5 | Affected software 1

Veracode, added 2025/12/13 4:35 a.m., 3 views

Authorization Bypass

Spring Framework is vulnerable to an Authorization Bypass. The vulnerability is due to improper enforcement of authorization checks in STOMP over WebSocket message handling, which allows an attacker to send unauthorized messages and bypass intended security controls...

CVSS 4.3 | AI score 7 | EPSS 0.00062
Exploits 0 | References 4 | Affected software 1

Veracode, added 2025/12/13 4:34 a.m., 2 views

Sensitive Information Disclosure

Jenkins ReadyAPI Functional Testing Plugin is vulnerable to Sensitive Information Disclosure. The vulnerability is due to storing license keys, client secrets, and passwords in plaintext in job configuration files, allowing users with Item/Extended Read permission or file system access on the...

CVSS 6.5 | AI score 6.9 | EPSS 0.00216
Exploits 0 | References 2 | Affected software 1

Veracode, added 2025/12/13 4:34 a.m., 4 views

Directory Traversal

org.craftercms, crafter-studio is vulnerable to Directory Traversal. The vulnerability is due to improper validation of file path inputs, which allows an unauthenticated attacker to overwrite arbitrary files on the operating system via crafted path traversal sequences, potentially leading to Remo...

CVSS 9.8 | AI score 7.5 | EPSS 0.01976
Exploits 0 | References 3 | Affected software 1

Veracode, added 2025/12/13 4:33 a.m., 3 views

Weak Encryption

org.apache.streampark, streampark is vulnerable to weak encryption. The vulnerability is due to the use of AES encryption in ECB mode along with a weak random number generator for protecting sensitive data, which allows an attacker to potentially expose or recover sensitive authentication...

CVSS 7.5 | AI score 6.6 | EPSS 0.00025
Exploits 0 | References 5 | Affected software 1

Veracode, added 2025/12/13 4:33 a.m., 8 views

XML External Entity (XXE)

org.jenkins-ci.plugins, generic-webhook-trigger is vulnerable to XML External Entity XXE. The vulnerability is due to improper XML parser configuration that does not disable external entity processing, which allows an attacker to exploit crafted XML input to access sensitive information or perfor...

CVSS 9.8 | AI score 7.3 | EPSS 0.00213
Exploits 0 | References 5 | Affected software 1

Veracode, added 2025/12/13 4:33 a.m., 5 views

Arbitrary File Upload

ms-mcms is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of uploaded ZIP files in the New Template module, allowing attackers to upload crafted files that can be executed on the server, leading to arbitrary code execution...

CVSS 9.8 | AI score 7.5 | EPSS 0.02652
Exploits 1 | References 3 | Affected software 1

Veracode, added 2025/12/13 4:32 a.m., 8 views

Denial Of Service (DoS)

react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack, and next.js are vulnerable to Denial of Service DoS. The vulnerability is due to unsafe deserialization of payloads sent to React Server Components Server Function endpoints, where a crafted HTTP request...

CVSS 7.5 | AI score 6.8 | EPSS 0.41239
Exploits 10 | References 7 | Affected software 4

Veracode, added 2025/12/13 4:32 a.m., 6 views

Improper Cache Control

Liferay Portal is vulnerable to improper cache control. The vulnerability is due to the use of incorrect cache-control headers, which allows an attacker to gain unauthorized access to downloaded files through the browser’s cache...

CVSS 5.5 | AI score 5.2 | EPSS 0.00018
Exploits 0 | References 6 | Affected software 2

Veracode, added 2025/12/13 4:31 a.m., 5 views

Improper Authentication

com.liferay, com.liferay.portal.cluster.multiple are vulnerable to Improper Authentication. The vulnerability is due to insufficient authentication of cluster messages, which allows a remote attacker to send unauthenticated malicious data that is processed as trusted data by the affected systems...

CVSS 6.9 | AI score 7.3 | EPSS 0.00023
Exploits 0 | References 6 | Affected software 1

Veracode, added 2025/12/13 4:31 a.m., 4 views

Improper SSL Hostname Verification

org.springframework.boot, spring-boot-autoconfigure is vulnerable to improper SSL hostname verification. The vulnerability is due to missing hostname verification in Cassandra SSL auto-configuration, which allows an attacker to perform man-in-the-middle attacks by intercepting and spoofing truste...

CVSS 9.8 | AI score 5.8 | EPSS 0.00085
Exploits 0 | References 2 | Affected software 2

Veracode, added 2025/12/13 4:30 a.m., 3 views

Improper Session Expiration Enforcement

org.keycloak, keycloak-services is vulnerable to improper session expiration enforcement. The vulnerability is due to session expiration logic relying on a session-local “remember-me” flag without validating the current realm-level configuration, which allows an attacker to exploit existing...

CVSS 5.4 | AI score 6.6 | EPSS 0.00126
Exploits 0 | References 9 | Affected software 1

Veracode, added 2025/12/13 4:30 a.m., 8 views

Sandbox Bypass

org.jenkins-ci.plugins, script-security is vulnerable to sandbox bypass. The vulnerability is due to improper handling of default parameter expressions in constructors, which allows an attacker to execute arbitrary code through crafted sandboxed scripts...

CVSS 9.9 | AI score 6.2 | EPSS 0.00342
Exploits 0 | References 8 | Affected software 1

Veracode, added 2025/12/13 4:30 a.m., 2 views

Information Disclosure

org.keycloak, keycloak-services is vulnerable to information disclosure. The vulnerability is due to insufficient authorization checks on the /admin/realms/realm/roles endpoint, which allows an attacker to access and disclose sensitive role metadata without proper permissions...

CVSS 2.7 | AI score 5.7 | EPSS 0.00012
Exploits 0 | References 6 | Affected software 1

Veracode, added 2025/12/13 4:29 a.m., 3 views

XML External Entity (XXE) Injection

cyclonedx-core-java is vulnerable to XML External Entity XXE injection. The vulnerability is due to an insecurely configured XML Validator, where external entity processing was not fully disabled during XML validation, allowing attackers to supply a crafted CycloneDX XML BOM that triggers externa...

CVSS 7.5 | AI score 5.5 | EPSS 0.00058
Exploits 0 | References 3 | Affected software 1

Veracode, added 2025/12/13 4:27 a.m., 5 views

Cross-site Request Forgery (CSRF)

org.jenkins-ci.plugins, windocks-start-container is vulnerable to cross-site request forgery CSRF. The vulnerability is due to insufficient request validation, which allows an attacker to trick users into initiating connections to an attacker-specified URL...

CVSS 4.3 | AI score 5.7 | EPSS 0.00019
Exploits 0 | References 3 | Affected software 1

Veracode, added 2025/12/13 4:26 a.m., 6 views

Arbitrary Code Execution

Jenkins Templating Engine Plugin is vulnerable to Arbitrary Code Execution. The vulnerability is due to libraries defined in folders not being subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the Jenkins controller JVM...

CVSS 8.8 | AI score 6.2 | EPSS 0.00453
Exploits 1 | References 3 | Affected software 1

Veracode, added 2025/12/13 4:26 a.m., 1 view

Cross-site Scripting (XSS)

com.liferay.portal, release.portal.bom is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to the absence of the sandbox attribute in elements within the Blogs widget, which allows attackers to inject malicious scripts via crafted content and gain access to the parent page through...

CVSS 5.4 | AI score 5.2 | EPSS 0.00031
Exploits 0 | References 3 | Affected software 2

Veracode, added 2025/12/13 4:25 a.m., 5 views

Information Disclosure

Jenkins OpenShift Pipeline Plugin is vulnerable to sensitive information exposure. The vulnerability is due to storing authorization tokens in plaintext within job config.xml files, where the plugin fails to encrypt or securely protect authentication tokens used for OpenShift access, and allows...

CVSS 4.3 | AI score 6.6 | EPSS 0.0003
Exploits 0 | References 2 | Affected software 1

Veracode, added 2025/12/13 4:24 a.m., 6 views

Incorrect Authorization

org.nutz:nutzboot-parent is vulnerable to Incorrect Authorization. The vulnerability is due to inadequate validation of transaction parameters from/to/wei in the Transaction API, which allows an attacker to manipulate requests and perform unauthorized actions remotely...

CVSS 9.8 | AI score 5.8 | EPSS 0.00048
Exploits 0 | References 6 | Affected software 1

Veracode, added 2025/12/13 4:23 a.m., 5 views

Denial Of Service

rhino is vulnerable to a Denial of Service. The vulnerability is due to improper handling of attacker-controlled floating-point values in the toFixed function, where small or specially crafted numbers trigger an expensive call chain that attempts to raise 5 to an extremely large power, and...

CVSS 7.5 | AI score 6.5 | EPSS 0.00115
Exploits 0 | References 4 | Affected software 1

Veracode, added 2025/12/13 4:23 a.m., 4 views

Use Of Hardcoded Cryptographic Key

sureness is vulnerable to Use of Hardcoded Cryptographic Key. The vulnerability is due to the use of a hardcoded key within the application, allowing attackers who obtain or reverse engineer the key to bypass security protections or forge trusted data...

CVSS 9.8 | AI score 7.7 | EPSS 0.00181
Exploits 1 | References 3 | Affected software 1

Veracode, added 2025/12/13 4:22 a.m., 4 views

Remote Code Execution (RCE)

Apache DolphinScheduler is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient validation of user input in alert scripts, which allows an attacker to execute arbitrary shell scripts on the server...

CVSS 8.8 | AI score 6.1 | EPSS 0.001
Exploits 0 | References 4 | Affected software 1

Veracode, added 2025/12/13 4:22 a.m., 4 views

Improper Credential Access Control

Jenkins HashiCorp Vault Plugin is vulnerable to an Improper Credential Access Control. The vulnerability is due to failure to set the correct context during Vault credential lookups, where attackers with only Item/Configure permission can trick the plugin into returning Vault credentials outside...

CVSS 4.3 | AI score 5.3 | EPSS 0.00126
Exploits 0 | References 2 | Affected software 1

Total number of security vulnerabilities: 38108