6 matches found

NVD
added 4 days ago, 8 views

CVE-2026-57285

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration...

CVSS: 4.3, EPSS: 0.00216
Exploits: 0, References: 1

RedHat Linux
added 2024/06/05 2:47 p.m., 4 views

jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin

A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting (XSS)...

CVSS: 6.5, AI score: 5.6, EPSS: 0.00698
Exploits: 0, References: 5

BDU FSTEC
added 2023/10/09 12:0 a.m., 5 views

The vulnerability of the Jenkins NodeJS plugin, related to errors in processing user credentials in the build log, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Jenkins NodeJS plugin is related to errors in processing user credentials in the build log. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

CVSS: 7.8, AI score: 7.2, EPSS: 0.0053
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2023/05/16 5:15 p.m., 4 views

CVE-2023-32995

A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails...

CVSS: 8.8, AI score: 7.3, EPSS: 0.0045
Exploits: 0, References: 1

BDU FSTEC
added 2022/08/10 12:0 a.m., 5 views

The vulnerability of the Jenkins HTTP Request Plugin, related to the disclosure of information in the error data field, allows attackers to disclose the protected information.

The vulnerability of the Jenkins HTTP Request Plugin is related to the disclosure of information in the error data field. Exploiting this vulnerability allows a malicious actor to disclose the protected information remotely...

CVSS: 6.8, AI score: 6.5, EPSS: 0.00698
Exploits: 0, References: 3, Affected Software: 1

RedHat Linux
added 2021/06/01 4:12 a.m., 6 views

jenkins-2-plugins/config-file-provider: Does not perform permission checks in several HTTP endpoints.

A flaw was found in the config-file-provider Jenkins plugin. The plugin does not perform permission checks in several HTTP endpoints; as a consequence, an attacker with Overall/Read permission is allowed to enumerate configuration file IDs...

CVSS: 4.3, AI score: 6, EPSS: 0.00887
Exploits: 0, References: 4