Lucene search

55994 matches found

NVD
added 4 hours ago, 4 views

CVE-2026-11877

An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3...

CVSS 6.3
Exploits: 0, References: 1

NVD
added 5 hours ago, 5 views

CVE-2026-57302

Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system...

CVSS 4.3
Exploits: 0, References: 1

NVD
added 5 hours ago, 5 views

CVE-2026-57283

A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier allows attackers to instantiate types related to job or system configuration other than Pipeline steps through the Pipeline Snippet Generator...

CVSS 4.3
Exploits: 0, References: 1

NVD
added 5 hours ago, 5 views

CVE-2026-57284

Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps...

CVSS 4.3
Exploits: 0, References: 1

CVE
added 5 hours ago, 7 views

CVE-2026-11877

CVE-2026-11877 describes a missing authorization issue in OpenText Access Manager prior to 5.1.3, where an unauthorized user can modify configuration via API calls. The affected product is OpenText Access Manager; the vulnerability stems from insufficient access control on API configuration endpo...

CVSS 6.3, AI score 5.9
Exploits: 0, References: 1

EUVD
added 5 hours ago, 5 views

EUVD-2026-38792

An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3...

CVSS 6.3, AI score 5.9
Exploits: 0, References: 1

Cvelist
added 6 hours ago, 5 views

CVE-2026-57302

Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system...

Exploits: 0, References: 1

EUVD
added 6 hours ago, 7 views

EUVD-2026-38783

Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system...

CVSS 4.3, AI score 5.9
Exploits: 0, References: 1

CVE
added 6 hours ago, 7 views

CVE-2026-57290

A CSRF vulnerability affects Jenkins Priority Sorter Plugin 936.v2c01c6b_84449 and earlier, allowing attackers to overwrite the global job priority configuration. Affected version range includes 936.v2c01c6b_84449 and earlier; no exploitation details are provided in the available documents. Remed...

CVSS 4.3, AI score 5.8
Exploits: 0, References: 1

Cvelist
added 6 hours ago, 6 views

CVE-2026-57287

Jenkins Job Configuration History Plugin 1356.ve360da6c523a and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted...

Exploits: 0, References: 1

CVE
added 6 hours ago, 8 views

CVE-2026-57287

Affected product: Jenkins Job Configuration History Plugin. Vulnerable component: historical job/agent configuration display. Root cause: plugin versions 1356.ve360da_6c523a_ and earlier fail to redact encrypted secret values when shown in history, enabling disclosure to users with Extended Read....

CVSS 4.3, AI score 5.8
Exploits: 0, References: 1

CVE
added 6 hours ago, 7 views

CVE-2026-57284

CVE-2026-57284 affects Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier. The vulnerability arises because the Pipeline Snippet Generator does not restrict the types that can be instantiated, potentially allowing an attacker to instantiate types related to job or system configuration...

CVSS 4.3, AI score 5.9
Exploits: 0, References: 1

EUVD
added 6 hours ago, 6 views

EUVD-2026-38765

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration...

CVSS 4.3, AI score 5.9
Exploits: 0, References: 1

EUVD
added 6 hours ago, 7 views

EUVD-2026-38764

Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps...

CVSS 4.3, AI score 5.9
Exploits: 0, References: 1

CVE
added 6 hours ago, 8 views

CVE-2026-57283

CVE-2026-57283 affects Jenkins Pipeline: Groovy Plugin (versions including 4331.v9d06ed4658ff and earlier). The vulnerability is a cross-site request forgery (CSRF) in the Pipeline Snippet Generator that lets an attacker instantiate types related to job or system configuration beyond Pipeline ste...

CVSS 4.3, AI score 5.8
Exploits: 0, References: 1

CVE
added 7 hours ago, 12 views

CVE-2026-56351

n8n is affected by an SQL injection in the MySQL, PostgreSQL, and Microsoft SQL nodes for versions prior to 2.4.0. The vulnerability arises from unescaped identifier values in node configuration parameters, allowing an authenticated user with workflow creation permissions to supply crafted table ...

CVSS 8.2, AI score 6.1
Exploits: 0, References: 2

CVE
added 7 hours ago, 6 views

CVE-2026-56270

Flowise (FlowiseAI) before 3.1.0, including 3.0.13 and earlier, exposes a missing authentication vulnerability at /api/v1/loginmethod that allows unauthenticated retrieval of an organization’s complete SSO configuration, including OAuth client secrets in cleartext, by passing an organizationId. T...

CVSS 8.7, AI score 5.9
Exploits: 0, References: 2

EUVD
added 7 hours ago, 7 views

EUVD-2026-38747

Flowise before 3.1.0 versions 3.0.13 and earlier contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows unauthenticated users to retrieve an organization's complete SSO configuration, including OAuth client secrets in cleartext, by providing an...

CVSS 8.7, AI score 5.9
Exploits: 0, References: 2

RedhatCVE
added 12 hours ago, 4 views

CVE-2026-54762

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. When an Ingress is configured to use BasicAuth or DigestAuth, but the associated authentication secret cannot be resolved or is malformed, Traefik fails to apply the authentication middleware. This allows unauthenticated access...

CVSS 5.9, AI score 5.8
Exploits: 0, References: 5

NVD
added 12 hours ago, 8 views

CVE-2026-13006

ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.34 in Java applications, allows an attacker to execute arbitrary code circumventing existing protections against CVE-2025-11226 by compromising an existing logback configuration...

CVSS 7
Exploits: 0, References: 1