CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

97 matches found

CVE-2026-57280

The CVE-2026-57280 affects Jenkins Script Security Plugin (versions up to and including 1402.v94c9ce464861). The issue is that sandboxed Groovy scripts do not intercept implicit type casts in elements of typed for-each loops, which can allow a user-supplied script to invoke arbitrary constructors...

8.8CVSS6AI score0.00372EPSS

Exploits0References1Affected Software1

Vulnrichment•added 6 days ago•5 views

CVE-2026-57281

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the...

6AI score0.00413EPSS

Exploits0References1

CVE•added 6 days ago•13 views

CVE-2026-57281

CVE-2026-57281 affects Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier. The root cause is that the plugin does not reject Groovy AST transformation annotations carrying an extensions member, which can allow attackers to run sandboxed Groovy scripts to execute code outside the sandbo...

8.5CVSS6AI score0.00413EPSS

Exploits0References4Affected Software1

EUVD•added 6 days ago•7 views

EUVD-2026-38761

7.5CVSS6AI score0.00413EPSS

Exploits0References1

Positive Technologies•added 6 days ago•9 views

PT-2026-51790

Name of the Vulnerable Software and Affected Versions Jenkins Script Security Plugin versions prior to 1402.v94c9ce464861 Description Sandboxed Groovy scripts fail to intercept implicit type casts applied to elements of typed for-each loops. This allows attackers who can provide such scripts to...

8.8CVSS5.9AI score0.00372EPSS

Exploits0References4

Tenable Nessus•added 2026/05/06 12:0 a.m.•6 views

RHCOS 4 : OpenShift Container Platform 4.2 jenkins-2-plugins (RHSA-2019:4097)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:4097 advisory. - jenkins-script-security-plugin: handling of method names in method call expressions allowed attackers to execute arbitrary code in...

9.9CVSS6.2AI score0.02675EPSS

Exploits0References10

Tenable Nessus•added 2026/05/06 12:0 a.m.•8 views

RHCOS 3 : OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:4055)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:4055 advisory. - jenkins-script-security-plugin: handling of method names in method call expressions allowed attackers to execute arbitrary code in...

9.9CVSS6.2AI score0.02675EPSS

Exploits0References10

Tenable Nessus•added 2026/05/06 12:0 a.m.•10 views

RHCOS 4 : OpenShift Container Platform 4.3.35 jenkins-2-plugins (RHSA-2020:3616)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3616 advisory. - jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts CVE-2019-16538 -...

8.8CVSS6.2AI score0.01416EPSS

Exploits0References16

Tenable Nessus•added 2026/05/06 12:0 a.m.•9 views

RHCOS 4 : OpenShift Container Platform 4.1 jenkins-2-plugins (RHSA-2019:4089)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:4089 advisory. - jenkins-script-security-plugin: handling of method names in method call expressions allowed attackers to execute arbitrary code in...

9.9CVSS6.2AI score0.02675EPSS

Exploits0References10

Tenable Nessus•added 2026/05/04 12:0 a.m.•5 views

RHCOS 3 : Red Hat OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:0739)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:0739 advisory. - jenkins-plugin-script-security: Sandbox Bypass in Script Security Plugin SECURITY-1292 CVE-2019-1003005 -...

9.9CVSS6AI score0.75594EPSS

Exploits6References14

Github Security Blog•added 2026/04/29 3:30 p.m.•23 views

Jenkins Script Security Plugin: Missing permission checks allow enumeration of pending and approved classpaths

Jenkins Script Security Plugin versions 1399.ve6a66547f6e1 and earlier do not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths. Script Security Plugin 1402.v94c9ce464861 requires...

4.3CVSS5.8AI score0.00174EPSS

Exploits0References3Affected Software1

CNNVD•added 2026/04/29 12:0 a.m.•8 views

Jenkins Script Security Plugin 安全漏洞

The Jenkins Script Security Plugin is an open-source plugin developed by Jenkins that provides security controls and permission checks for automated script execution. The Jenkins Script Security Plugin versions 1399.ve6a66547f6e1 and earlier contain security vulnerabilities. These vulnerabilities...

4.3CVSS5.8AI score0.00174EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2016-4157

Malware in sbrugna...

7.5CVSS7.3AI score0.01721EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•6 views

EUVD-2024-1357

Malicious code in bioql PyPI...

8.8CVSS6.9AI score0.01002EPSS

Exploits0References3