Missing Authorization
Jenkins MCP Server Plugin is vulnerable to Missing Authorization. The vulnerability is due to missing permission checks in multiple MCP tools, which allows an attacker to trigger builds and access sensitive information related to job and cloud configurations without proper authorization...
Spoofing
Microsoft JDBC Driver for SQL Server is vulnerable to Spoofing. The vulnerability is due to improper input validation, allowing an unauthorized network attacker to spoof identities or responses during communication with the SQL Server...
Cleartext Password Disclosure
Apache Syncope is vulnerable to Cleartext Password Disclosure. The issue arises from use of a hard-coded default AES key when AES-based password storage is enabled, allowing an attacker with access to the internal database to decrypt and recover user passwords...
Cross-site Request Forgery (CSRF)
org.jenkins-ci.plugins, publish-to-bitbucket is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to missing CSRF protection in the plugin configuration endpoints, which allows an attacker to force a victim to connect Jenkins to an attacker-controlled URL using...
Path Traversal
Robocode is vulnerable to Path Traversal. The vulnerability is due to improper sanitization of file paths in the recursivelyDelete method of the CacheCleaner component, allowing attackers to manipulate file paths and traverse directories to delete arbitrary files on the system...
Sensitive Information Exposure
org.jenkins-ci.plugins, curseforge-publisher is vulnerable to sensitive information exposure. The vulnerability is due to improper masking of API keys on the job configuration form, which allows an attacker to observe and capture the exposed credentials...
XML External Entity (XXE)
org.jenkins-ci.plugins, jdepend is vulnerable to XML External Entity (XXE). The vulnerability is due to improper configuration of the XML parser that does not disable external entity processing, which allows an attacker to exploit crafted XML input to access sensitive information or perform...
Authorization Bypass
Jenkins Nexus Task Runner Plugin is vulnerable to an Authorization Bypass. The vulnerability is due to a missing permission check, allowing attackers with only Overall/Read permission to force the plugin to connect to an attacker-controlled URL using attacker-supplied credentials, potentially...
Cross-site Scripting (XSS)
Jenkins Applitools Eyes Plugin is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the plugin not escaping the Applitools URL on the build page, where attackers with Item/Configure permission can exploit it to inject malicious scripts...
Improper Access Control
Liferay Portal is vulnerable to improper access control. The vulnerability is due to APIs not restricting access before a user verifies their email address, which allows a remote attacker to access and modify content through the API without proper verification...
Authorization Bypass
Jenkins global-build-stats Plugin is vulnerable to Authorization Bypass. The vulnerability is due to missing permission checks in REST API endpoints, where the plugin exposes graph-related APIs without validating the caller’s authorization, and allows attackers with Overall/Read permission to...
Cross-Site Scripting (XSS)
Jenkins Gatling is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to bypass of Content-Security-Policy protections when serving Gatling reports, which allows an attacker to inject and execute malicious scripts through modified report content...
XML External Entity (XXE) Injection
org.wso2.am:am-distribution-parent is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to improper configuration of the XML parser without sufficient restrictions, which allows an attacker to supply malicious XML to read sensitive files or trigger denial-of-service...
Authentication Bypass
Jenkins SAML Plugin is vulnerable to Authentication Bypass. The vulnerability is due to the absence of a replay cache in the SAML authentication flow, allowing attackers who capture SAML authentication messages to replay them and authenticate to Jenkins as the affected user...
XML External Entity (XXE)
GeoServer is vulnerable to XML External Entity (XXE). The vulnerability is due to improper handling of XML entity resolution in schema parsing, which allows an attacker to exploit external entity references to access sensitive data or perform unauthorized actions...
Jeecg-boot SQL Injection Vulnerability
A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...
Arbitrary File Upload
net.mingsoft, ms-mcms is vulnerable to Arbitrary File Upload. The vulnerability is due to improper validation of uploaded files in the /ms/template/writeFileContent.do component, which allows an attacker to upload arbitrary files and potentially execute malicious code on the server...
Information Disclosure
Jenkins Git Client Plugin is vulnerable to an Information Disclosure. The vulnerability is due to differential form validation behavior, where Git URL validation responses vary based on whether an attacker-specified file path exists on the Jenkins controller when using the amazon-s3 protocol,...
XML External Entity (XXE) Injection
Jenkins TestComplete support Plugin is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to the XML parser not being securely configured to disable external entity processing, allowing attackers to supply crafted XML that can access local files or trigger external network...
Remote Code Execution (RCE)
Keycloak is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insecure default binding of the debug JDWP port to all network interfaces in debug mode, which allows an attacker on the same network to attach a debugger and execute arbitrary code...
SQL Injection
Liferay Portal is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of user input in the title field of the Friendly URL module, which allows an attacker to inject and execute arbitrary SQL commands...
Cross-Site Request Forgery (CSRF)
Liferay Portal is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper validation of requests in the Headless API endpoint parameter, which allows a remote attacker to execute arbitrary Headless API calls by crafting a malicious request...
XML External Entity (XXE)
org.wso2.carbon.mediation, org.wso2.carbon.localentry is vulnerable to XML External Entity (XXE). The vulnerability is due to improper XML parser configuration without sufficient restrictions on external entity resolution, which allows an unauthenticated remote attacker to read sensitive files or...
Path Traversal
cn.dreampie:resty is vulnerable to Path Traversal. The vulnerability is due to improper validation of the filename parameter in the HttpClient module, which allows an attacker to manipulate file paths and access unauthorized files on the system...
Authorization Bypass
Jenkins OpenTelemetry Plugin is vulnerable to Authorization Bypass. The vulnerability is due to the plugin allowing users with only Overall/Read permission to invoke functionality that connects to attacker-specified URLs using attacker-controlled credential IDs, which enables attackers to capture or...
Sandbox Protection Bypass
io.fabric8.pipeline:kubernetes-pipeline-arquillian-steps is vulnerable to Sandbox Protection Bypass. The vulnerability is due to an overly permissive custom script security whitelist, which allows an attacker to invoke arbitrary methods and bypass sandbox restrictions...
SQL Injection
Jeecg-boot is vulnerable to SQL Injection. The vulnerability is due to insufficient sanitization of the code parameter in the /sys/user/queryUserComponentData endpoint, allowing attackers to inject malicious SQL statements and manipulate backend database queries...
Server-Side Template Injection (SSTI)
net.mingsoft, ms-mcms is vulnerable to Server-Side Template Injection (SSTI). The vulnerability is due to improper handling of user-supplied input in the Template Management module, which allows an attacker to inject and execute arbitrary template code on the server...
Remote Code Execution
Mingsoft MCMS is a Java CMS. Versions prior to and including 5.2.5 contain a file upload vulnerability allowing for a jspx webshell to be uploaded via net.mingsoft.basic.action.web.FileActionupload, resulting in remote code execution. It is unclear if this issue has been patched...
XML External Entity (XXE) Injection
Jenkins CCCC Plugin is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to improper configuration of the XML parser without XXE protection, which allows an attacker to process malicious XML input and access sensitive resources...
Insertion Of Sensitive Information
Jenkins Kryptowire Plugin is vulnerable to insertion of sensitive information. The vulnerability is due to storing the Kryptowire API key in an unencrypted global configuration file, which allows an attacker with access to the Jenkins controller file system to retrieve the API key...
Stored Cross-Site Scripting
Liferay Portal and Liferay DXP are vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitization of user-controlled input, where the name of a fieldset in Kaleo Forms Admin is stored without proper escaping, allowing an authenticated attacker to persistently...
Information Exposure
Liferay Portal is vulnerable to information exposure. The vulnerability is due to improper logging in the LDAP import feature, which allows a local attacker to view user email addresses stored in application log files...
Improper Access Control
com.blazemeter.plugins, BlazeMeterJenkinsPlugin is vulnerable to Improper Access Control. The vulnerability is due to insufficient permission checks in the Jenkins UI, which allows an attacker to view sensitive resource identifiers such as credential IDs, workspaces, and project IDs without prope...
Path Traversal
io.github.wwwlike, vlife-base is vulnerable to Path Traversal. The vulnerability is due to improper validation of the fileName argument in the create function of SysFileApi.java, which allows a remote attacker to manipulate file paths and perform unauthorized file access via path traversal...
SQL Injection
Apache Hive is vulnerable to SQL Injection. The vulnerability is due to improper handling of delete column statistics requests via Thrift APIs, which allows an authorized attacker to inject malicious SQL queries and manipulate backend database operations...
Denial Of Service (DoS)
org.jenkins-ci.main, jenkins-core is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling and closure of corrupted HTTP-based CLI connection streams, which allows an unauthenticated attacker to trigger a denial of service by sending malformed or corrupted connection...
Missing Authorization
PowerJob is vulnerable to Missing Authorization. The vulnerability is due to insufficient authorization checks in the /openApi/runJob endpoint of OpenAPIController, allowing remote attackers to invoke job execution without proper authentication or authorization...
Improper Authentication
org.jenkins-ci.plugins, active-directory is vulnerable to improper authentication. The vulnerability is due to improper handling of cached successful authentications in Windows/ADSI mode, which allows an attacker to log in as any user using any password while the valid authentication session...
Improper Session Invalidation
org.keycloak, keycloak-services is vulnerable to Improper Session Invalidation. The vulnerability is due to offline sessions remaining valid even after the offline_access scope is removed from the client, which allows an attacker with an existing offline refresh token to continue requesting new...
Permission Bypass
Jenkins Folder-based Authorization Strategy Plugin is vulnerable to Permission Bypass. The vulnerability is due to the plugin not verifying that permissions configured to be granted are enabled, where users formerly granted optional permissions can access functionality they're no longer entitled...
Insecure Deserialization
org.keycloak, keycloak-ldap-federation is vulnerable to insecure deserialization. The vulnerability is due to improper handling of untrusted Java object deserialization in a malicious LDAP server configuration, which allows an authenticated realm administrator to trigger the execution of arbitrar...
Cross-Site Scripting (XSS)
com.liferay, com.liferay.account.admin.web is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input validation in the Account Role “Title” and Organization “Name” fields, which allows an attacker to inject crafted HTML or JavaScript payloads that execute when users vi...
CRLF Injection
org.apache.heron, heron-api is vulnerable to CRLF Injection. The vulnerability is due to improper escaping of log input in log statements, which allows an attacker to inject malicious CRLF characters and manipulate log entries...
Server-Side Request Forgery (SSRF)
PowerJob is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation of the targetIp and targetPort parameters in the checkConnectivity function of PingPongUtils, allowing attackers to trigger server-side network requests to arbitrary destinations...
Cross-site Request Forgery (CSRF)
org.jenkins-ci.plugins, themis is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to insufficient validation of user requests, which allows an attacker to trick users into initiating connections to an attacker-controlled HTTP server...
Remote Code Execution (RCE)
net.mingsoft, ms-mcms is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation in the Template Management function, which allows an attacker to execute arbitrary code via a crafted payload...
Password Enumeration
Liferay Portal is vulnerable to password enumeration. The vulnerability is due to insufficient protection against brute-force attempts, which allows an attacker to systematically guess and determine a user’s password even when account lockout mechanisms are enabled...
Authorization Bypass
Spring Framework is vulnerable to an Authorization Bypass. The vulnerability is due to improper enforcement of authorization checks in STOMP over WebSocket message handling, which allows an attacker to send unauthorized messages and bypass intended security controls...
Sensitive Information Disclosure
Jenkins ReadyAPI Functional Testing Plugin is vulnerable to Sensitive Information Disclosure. The vulnerability is due to storing license keys, client secrets, and passwords in plaintext in job configuration files, allowing users with Item/Extended Read permission or file system access on the...