Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1347 matches found

GithubExploit
GithubExploitadded 6 days ago58 views

Exploit for Code Injection in Xwiki

CVE-2025-24893 Exploit de Execução Remota de Código RCE no X...

9.8CVSS7.3AI score0.93701EPSS
Exploits49
RedhatCVE
RedhatCVEadded 2026/05/28 2:12 a.m.4 views

CVE-2026-42782

Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted code reaching a non-sandboxed execution path via the class static initializer. This issue affects...

7.2CVSS6AI score0.0007EPSS
Exploits0References1
NVD
NVDadded 2026/05/27 3:16 p.m.8 views

CVE-2026-48921

Jenkins Pipeline: Groovy Libraries Plugin 797.v90eaa9be45a0 and earlier does not prohibit symbolic links in shared libraries, allowing attackers able to control the content of a library used by a Pipeline job to read arbitrary files on the Jenkins controller filesystem...

7.5CVSS0.00406EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/27 2:13 p.m.4 views

EUVD-2026-32512

Jenkins Pipeline: Groovy Libraries Plugin 797.v90eaa9be45a0 and earlier does not prohibit symbolic links in shared libraries, allowing attackers able to control the content of a library used by a Pipeline job to read arbitrary files on the Jenkins controller filesystem...

7.5CVSS5.9AI score0.00406EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/27 2:13 p.m.6 views

CVE-2026-48921

Jenkins Pipeline: Groovy Libraries Plugin 797.v90eaa9be45a0 and earlier does not prohibit symbolic links in shared libraries, allowing attackers able to control the content of a library used by a Pipeline job to read arbitrary files on the Jenkins controller filesystem...

5.9AI score0.00406EPSS
Exploits0References1
CVE
CVEadded 2026/05/27 2:13 p.m.8 views

CVE-2026-48921

CVE-2026-48921 affects Jenkins Pipeline: Groovy Libraries Plugin 797.v90ea_a_9b_e45a_0 and earlier. The root cause is that the plugin does not prohibit symbolic links in shared libraries, which allows an attacker who can control the library content used by a Pipeline job to read arbitrary files o...

7.5CVSS5.9AI score0.00406EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2026/05/27 2:13 p.m.32 views

CVE-2026-48921

Jenkins Pipeline: Groovy Libraries Plugin 797.v90eaa9be45a0 and earlier does not prohibit symbolic links in shared libraries, allowing attackers able to control the content of a library used by a Pipeline job to read arbitrary files on the Jenkins controller filesystem...

0.00406EPSS
Exploits0References1
AlpineLinux
AlpineLinuxadded 2026/05/27 2:13 p.m.8 views

CVE-2026-48921

Jenkins Pipeline: Groovy Libraries Plugin 797.v90eaa9be45a0 and earlier does not prohibit symbolic links in shared libraries, allowing attackers able to control the content of a library used by a Pipeline job to read arbitrary files on the Jenkins controller filesystem...

7.5CVSS5.9AI score0.00406EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/05/27 12:0 a.m.6 views

PT-2026-44014

Name of the Vulnerable Software and Affected Versions Jenkins Pipeline: Groovy Libraries Plugin versions prior to 797.v90ea a 9b e45a 0 Description The plugin does not prohibit symbolic links in shared libraries. This allows attackers who can control the content of a library used by a Pipeline jo...

7.5CVSS5.9AI score0.00406EPSS
Exploits0References4
CNNVD
CNNVDadded 2026/05/27 12:0 a.m.4 views

Jenkins Pipeline: Groovy Libraries Plugin 安全漏洞

Jenkins Pipeline: The Groovy Libraries Plugin is an open-source Jenkins Pipeline plugin that manages Groovy libraries. The Jenkins Pipeline: Groovy Libraries Plugin versions 797.v90eaa9be45a0 and earlier have security vulnerabilities. These vulnerabilities stem from the lack of protection against...

7.5CVSS5.9AI score0.00406EPSS
Exploits0References1
Tenable Nessus
Tenable Nessusadded 2026/05/27 12:0 a.m.9 views

Jenkins plugins Multiple Vulnerabilities (2026-05-27)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the build URL, resulting in a stored cross- site scripting XSS vulnerability...

8.8CVSS6.4AI score0.01768EPSS
Exploits0References14
NVD
NVDadded 2026/05/25 8:16 p.m.6 views

CVE-2026-9498

A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engin...

6.5CVSS0.00046EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/25 8:0 p.m.15 views

CVE-2026-9498 Dromara lamp-cloud Message Template GroovyClassLoader.parseClass special elements used in a template engine

A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engin...

6.5CVSS0.00046EPSS
Exploits0References4
Snyk
Snykadded 2026/05/25 5:0 p.m.1 views

Improper Isolation or Compartmentalization

Overview Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the GroovyInterceptor initialization of classes via GroovySandbox. An administrator user with the Implementations entitlement can execute arbitrary code by creating a malicious Groovy class...

8.6CVSS6.3AI score0.0007EPSS
Exploits0References2
NVD
NVDadded 2026/05/25 4:16 p.m.11 views

CVE-2026-42782

Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted code reaching a non-sandboxed execution path via the class static initializer. This issue affects...

7.2CVSS0.0007EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/25 2:58 p.m.17 views

CVE-2026-42782 Apache Syncope: Post-auth RCE via Groovy static

Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted code reaching a non-sandboxed execution path via the class static initializer. This issue affects...

0.0007EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/25 2:58 p.m.5 views

CVE-2026-42782 Apache Syncope: Post-auth RCE via Groovy static

Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted code reaching a non-sandboxed execution path via the class static initializer. This issue affects...

6AI score0.0007EPSS
Exploits0References1
CVE
CVEadded 2026/05/25 2:58 p.m.15 views

CVE-2026-42782

CVE-2026-42782 affects Apache Syncope 3.0–3.0.16, 4.0–4.0.5, and 4.1.0, caused by improper isolation that lets an administrator with sufficient entitlements load a malicious Groovy class whose static initializer reaches a non-sandboxed execution path. Remediation is to upgrade to 4.0.6 or 4.1.1, ...

7.2CVSS6AI score0.0007EPSS
Exploits0References2Affected Software1
EUVD
EUVDadded 2026/05/25 2:58 p.m.8 views

EUVD-2026-31696

Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted code reaching a non-sandboxed execution path via the class static initializer. This issue affects...

6AI score0.0007EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/25 2:58 p.m.7 views

CVE-2026-42782

Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted code reaching a non-sandboxed execution path via the class static initializer. This issue affects...

6AI score0.0007EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder