Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-64150
A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-10-29
CVE-2025-64137
A missing permission check in Jenkins Themis Plugin 1.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-10-29
CVE-2025-64138
A cross-site request forgery (CSRF) vulnerability in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-10-29
CVE-2025-64139
A missing permission check in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-10-29
CVE-2025-64141
A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-10-29
CVE-2025-64142
A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-10-29
CVE-2025-64143
Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-10-29
CVE-2025-64134
Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-10-29
CVE-2025-64136
A cross-site request forgery (CSRF) vulnerability in Jenkins Themis Plugin 1.4.1 and earlier allows attackers to connect to an attacker-specified HTTP server.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-10-29
CVE-2015-10147
The Easy Testimonial Slider and Form plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS Score
4.9
EPSS Score
0.0
Published
2025-10-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved