Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
developer tools vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-43405
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and previous versions allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protect...
Jenkins Groovy Libraries
NA
CVE-2022-43407
Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and previous versions does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given 'input' step (proceed or abort)...
Jenkins Pipeline\\ Input Step
NA
CVE-2022-43409
Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and previous versions does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create ...
Jenkins Pipeline\\ Supporting Apis
NA
CVE-2022-43404
A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and previous versions allows attackers with permission to define and run sandboxed scripts, including...
Jenkins Script Security
NA
CVE-2022-43408
Jenkins Pipeline: Stage View Plugin 2.26 and previous versions does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resu...
Jenkins Pipeline\\ Stage View
4
CVSSv2
CVE-2022-30952
Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and previous versions allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins.
Jenkins Blue Ocean
NA
CVE-2022-43406
A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and previous versions allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sand...
Jenkins Groovy Libraries
NA
CVE-2022-43402
A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and previous versions allows attackers with permission to define and run sandboxed scripts, including Pipelines, to b...
Jenkins Pipeline\\ Groovy
4.4
CVSSv2
CVE-2021-3697
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload....
Gnu Grub2
Redhat Openshift 3.0
Redhat Enterprise Linux 8.0
Redhat Developer Tools 1.0
Redhat Enterprise Linux 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux For Power Little Endian Eus 8.2
Redhat Enterprise Linux For Power Little Endian 8.0
Redhat Enterprise Linux For Power Little Endian Eus 8.4
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions 8.1
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions 8.2
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions 8.4
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions 8.6
Redhat Enterprise Linux Server Aus 8.6
Redhat Enterprise Linux Server Tus 8.6
Redhat Enterprise Linux Eus 8.6
Redhat Enterprise Linux For Power Little Endian Eus 8.6
NA
CVE-2022-37974
Windows Mixed Reality Developer Tools Information Disclosure Vulnerability
Microsoft Windows 10 20h2
Microsoft Windows 10 21h1
Microsoft Windows 11 -
Microsoft Windows 10 21h2
Microsoft Windows 11 22h2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »