CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/06/10 1:55 p.m.•13 views

EUVD-2026-36034

9.6CVSS5.5AI score0.00281EPSS

Vulnrichment•added 2026/06/10 1:6 p.m.•6 views

CVE-2026-53442

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to t...

5.3AI score0.00175EPSS

AlpineLinux•added 2026/06/10 1:6 p.m.•5 views

CVE-2026-53442

5.3CVSS5.5AI score0.00175EPSS

RedHat Linux•added 2026/06/10 12:31 p.m.•4 views

samba: Remote Code Execution in SAMR

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

9.8CVSS5.7AI score0.01869EPSS

Exploits0References5

The Hacker News•added 2026/06/10 10:27 a.m.•15 views

Your Automated Pentest Looks Clean. See What It Missed in This Expert Webinar

Your pentest report looks clean. That might be the problem. Run automated pentesting long enough, and the new findings start to dry up. By the third or fourth run, fewer issues appear. The report looks stable. Leadership reads "stable" as "secure." It usually isn't. The work slows down. The risk...

5.7AI score

The Hacker News•added 2026/06/10 7:2 a.m.•18 views

ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances

ServiceNow has warned about a security incident in which unknown threat actors exploited a flaw to obtain deeper unauthorized access to susceptible instances. "On June 5, 2026, ServiceNow applied a security update to hosted customer instances," the company revealed in an advisory that requires...

5.7AI score

Positive Technologies•added 2026/06/10 12:0 a.m.•7 views

PT-2026-48444

9.6CVSS5.5AI score0.00281EPSS

Exploits0References4

CNNVD•added 2026/06/10 12:0 a.m.•5 views

Jenkins 安全漏洞

Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Jenkins versions 2.567 and earlier, as well as LTS 2.555.2 and earlier, have security vulnerabilitie...

5.3CVSS5.4AI score0.00175EPSS

Packet Storm News•added 2026/06/10 12:0 a.m.•3 views

Cloud Files Security Review Tool

This code performs a defensive security assessment of Windows systems by reviewing configuration elements associated with Cloud Files components, environment manipulation opportunities, temporary file exposure, and Windows Error Reporting artifacts...

5.5AI score

Packet Storm News•added 2026/06/10 12:0 a.m.•10 views

MARCIM-WG: A Cyber Wargame Proposal Based on Math Modeling Applied in a Naval Scenario

As maritime operations increasingly depend on interconnected digital ecosystems, cyber incidents can propagate across maritime networks and degrade critical services. Strengthening strategic Cyber Situational Awareness CSA therefore requires training mechanisms that expose decision-makers to...

5.2AI score

Positive Technologies•added 2026/06/10 12:0 a.m.•7 views

PT-2026-48427

Name of the Vulnerable Software and Affected Versions Jenkins versions prior to 2.568 Jenkins LTS versions prior to 2.555.3 Description Secrets provided via POST config.xml submissions are stored unencrypted in job configuration files on the Jenkins controller. This allows users with Item/Extende...

5.3CVSS5.3AI score0.00175EPSS

Exploits0References4

RedhatCVE•added 2026/06/09 8:59 p.m.•11 views

CVE-2026-25856

OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C code on the server host by creating or modifying job configurations. Attackers can leverage the plain C execution mode, which lacks reference...

NVD•added 2026/06/09 11:16 a.m.•7 views

CVE-2026-49741

Backend users with write access to the formdefinition database table were able to directly create, update, or delete form definition records via DataHandler, bypassing the Form Framework's persistence validation and permission checks. This allowed injecting arbitrary form configurations,...

8.7CVSS0.0037EPSS

CNNVD•added 2026/06/09 12:0 a.m.•2 views

Hermes Web UI 操作系统命令注入漏洞

Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Versions of Hermes Web UI prior to 0.51.311 contained a vulnerability related to operating system command injection. This vulnerability stemmed from a problem with remote code execution, which could allow...

8.8CVSS6.3AI score0.00913EPSS

ATTACKERKB•added 2026/06/08 4:50 p.m.•3 views

CVE-2026-25856

Vulnrichment•added 2026/06/08 4:50 p.m.•5 views

CVE-2026-25856 OpenBullet2 0.3.2 Authenticated RCE via Job Configuration Interface

EUVD•added 2026/06/08 4:50 p.m.•7 views

Exploits0References2

EUVD-2026-35135

CVE•added 2026/06/08 4:50 p.m.•15 views

Exploits0References2

CVE-2026-25856

OpenBullet2 (up to version 0.3.2) contains an authenticated remote code execution vulnerability: authenticated users can create/modify job configurations to execute arbitrary C# code on the server, with access to the file system, process spawning, and arbitrary .NET APIs as the process user. The ...