Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and…

The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows, resulting in a…

Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause,…

A Cross-Site Request Forgery (CSRF) in WDJA CMS v1.5.2 allows attackers to arbitrarily add administrator accounts via a crafted URL. Devamını Oku

WDJA CMS v1.5.2 contains an arbitrary file deletion vulnerability in the component admin/cache/manage.php. Devamını Oku

Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component controllerindex.php, which can be exploited via the sql() method. Devamını Oku

Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component controllerConfig.php, which can be exploited via the add() method. Devamını Oku

Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component controllerpoint.php, which can be exploited via the add() method. Devamını Oku

Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component controllerConfig.php, which can be exploited via the addqq() method. Devamını Oku

Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component controllerindex.php, which can be exploited via the sj() method. Devamını Oku