In Jenkins versions through 2.93 a low severity vulnerability CVE-2017-17383 was detected. This vulnerability allows remote authenticated administrators to conduct Cross-Site Scripting (XSS) attacks by injecting a specially crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin. To address this issue, users should upgrade Jenkins to version 2.94. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-17383.
Read more Developer ToolsIn GitLab versions 9.4.x before 9.4.2 a medium severity vulnerability CVE-2017-17716 was detected. This vulnerability allows attackers to potentially intercept LDAP credentials or perform Man-in-the-Middle (MitM) attacks because the application does not support LDAP SSL certificate verification. This occurred because code related to the verify_certificates LDAP option was not merged. To address this issue, users should upgrade GitLab to version 9.4.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-17716.
Read more Developer ToolsIn Gogs versions 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta a high severity vulnerability CVE-2014-8681 was detected. This vulnerability allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues due to a SQL injection flaw in the GetIssues function in models/issue.go. To address this issue, users should upgrade Gogs to version 0.5.6.1025 Beta. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2014-8681.
Read more Developer ToolsIn GitLab Enterprise Edition (EE) versions 6.6.0 before 6.6.2 a medium severity vulnerability CVE-2014-3456 was detected. This vulnerability allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, leading to Cross-Site Scripting (XSS). To address this issue, users should upgrade GitLab Enterprise Edition (EE) to version 6.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2014-3456.
Read more Developer ToolsIn Argo CD versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9 a critical severity vulnerability CVE-2026-42880 was detected. This vulnerability allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd via the Kubernetes API server’s Server-Side Apply dry-run mechanism due to a missing authorization and data-masking gap in Argo CD’s ServerSideDiff endpoint. To address this issue, users should upgrade Argo CD to versions 3.2.11 or 3.3.9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-42880.
Read more Developer ToolsIn Prefect versions up to 3.6.21 a high severity vulnerability CVE-2026-7722 was detected. This vulnerability allows remote attackers to bypass authentication by manipulating the endswith function within the /api/health endpoint. To address this issue, users should upgrade Prefect to version 3.6.22. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-7722.
Read more Developer ToolsIn Argo CD versions 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9 a high severity vulnerability CVE-2026-43824 was detected. This vulnerability allows attackers to read cleartext Kubernetes Secret data via the ServerSideDiff feature. To address this issue, users should upgrade Argo CD to versions 3.2.11 or 3.3.9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-43824.
Read more Developer ToolsIn Prefect versions up to 3.6.13 a high severity vulnerability CVE-2026-7723 was detected. This vulnerability allows remote attackers to bypass authentication via the /api/events/in WebSocket endpoint. To address this issue, users should upgrade Prefect to version 3.6.14. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-7723.
Read more Developer ToolsIn Jenkins GitHub Branch Source Plugin version 1967.vdea_d580c1a_b_a_ and earlier a medium severity vulnerability CVE-2026-42522 was detected. This vulnerability allows attackers with Overall/Read permission to initiate connections to attacker-specified URLs using attacker-controlled GitHub App credentials due to a missing permission check. To address this issue, users should upgrade Jenkins GitHub Branch Source plugin to version 1967.1969.v205fd594c821. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-42522.
Read more Developer Tools