Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause,…

The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows, resulting in a…

Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and…

A Cross-Site Request Forgery (CSRF) in WDJA CMS v1.5.2 allows attackers to arbitrarily add administrator accounts via a crafted URL. Devamını Oku

XYHCMS v3.6 contains a stored cross-site scripting (XSS) vulnerability in the component xyhai.php?s=/Link/index. Devamını Oku

emlog v6.0 contains a vulnerability in the component admintemplate.php, which allows attackers to getshell via a crafted Zip file. Devamını Oku

Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component controllerindex.php, which can be exploited via the sj() method. Devamını Oku

Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component controllerConfig.php, which can be exploited via the addqq() method. Devamını Oku

Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component controllerpoint.php, which can be exploited via the add() method. Devamını Oku

Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component controllerConfig.php, which can be exploited via the add() method. Devamını Oku