Latest 7 days CVE Lists

Latest 7 days CVE Lists 피드 구독하기
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
업데이트: 3시간 58분 지남

CVE-2022-30956

수, 2022/05/18 - 12:15오전
Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads.

CVE-2022-30957

수, 2022/05/18 - 12:15오전
A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

CVE-2022-30945

수, 2022/05/18 - 12:15오전
Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines.

CVE-2022-30946

수, 2022/05/18 - 12:15오전
A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver.

CVE-2022-30947

수, 2022/05/18 - 12:15오전
Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.

CVE-2022-30948

수, 2022/05/18 - 12:15오전
Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.

CVE-2022-30949

수, 2022/05/18 - 12:15오전
Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.

CVE-2022-29332

화, 2022/05/17 - 11:15오후
D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An attacker could use the "../../../../" setting of the FTP server folder to set the router's root folder for FTP access. This allows you to access the entire router file system via the FTP server.

CVE-2022-30110

화, 2022/05/17 - 11:15오후
The file preview functionality in Jirafeau < 4.4.0, which is enabled by default, could be exploited for cross site scripting. An attacker could upload image/svg+xml files containing JavaScript. When someone visits the File Preview URL for this file, the JavaScript inside of this image/svg+xml file will be executed in the users' browser.

CVE-2022-1711

화, 2022/05/17 - 10:15오후
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5.

CVE-2021-42643

화, 2022/05/17 - 9:15오후
cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnerability. Through this vulnerability, a PHP script file is written to the website server, and accessing this file can lead to a code execution vulnerability.

CVE-2021-42644

화, 2022/05/17 - 9:15오후
cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the configuration file information of the website such as the database configuration file (config / config_database) can be read through this vulnerability.

CVE-2021-42943

화, 2022/05/17 - 8:15오후
Stored cross-site scripting (XSS) in admin/usermanager.php over IPPlan v4.92b allows remote attackers to inject arbitrary web script or HTML via the userid parameter.

CVE-2022-1723

화, 2022/05/17 - 6:15오후
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6.

CVE-2013-10001

화, 2022/05/17 - 5:15오후
A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification validation of the mail client. An exploit has been disclosed to the public and may be used.

CVE-2022-26650

화, 2022/05/17 - 5:15오후
In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) to make judgments, where both parameters are controllable by the user. This can cause an attacker pass in malicious regular expressions and characters causing a resource exhaustion. This issue affects Apache ShenYu (incubating) 2.4.0, 2.4.1 and 2.4.2 and is fixed in 2.4.3.

CVE-2022-1753

화, 2022/05/17 - 3:15오후
A vulnerability, which was classified as critical, was found in WoWonder. Affected is the file /requests.php which is responsible to handle group messages. The manipulation of the argument group_id allows posting messages in other groups. It is possible to launch the attack remotely but it might require authentication. A video explaining the attack has been disclosed to the public.

CVE-2022-23670

화, 2022/05/17 - 6:15오전
A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.

CVE-2022-1586

화, 2022/05/17 - 6:15오전
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.

CVE-2022-1587

화, 2022/05/17 - 6:15오전
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.

페이지