CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/01/14 8:22 p.m.•3 views

CVE-2025-68702

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses padLeft32, '0' when it should use padLeft64, '0' because SHA-256 produces 32 bytes which equates to 64 hex characters. This vulnerability is fixed in 2.2...

8.7CVSS6.8AI score0.00023EPSS

RedhatCVE•added 2026/01/14 7:25 p.m.•5 views

CVE-2025-68698

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks. Modern systems should use OAEP Optimal Asymmetric Encryption Padding. This vulnerability is fixed in 2.2...

8.7CVSS6.9AI score0.00009EPSS

NVD•added 2026/01/13 8:16 p.m.•3 views

CVE-2025-68704

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2...

8.2CVSS0.00059EPSS

NVD•added 2026/01/13 8:16 p.m.•2 views

CVE-2025-68701

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2...

8.7CVSS0.00025EPSS

NVD•added 2026/01/13 8:16 p.m.•3 views

CVE-2025-68925

6.9CVSS0.00023EPSS

NVD•added 2026/01/13 8:16 p.m.•4 views

CVE-2025-68702

8.7CVSS0.00023EPSS

NVD•added 2026/01/13 8:16 p.m.•11 views

CVE-2025-68703

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sumpassphrase. Two encryption operations with the same password will have the same derived key. This vulnerability is fixed in 2.2...

8.7CVSS0.00014EPSS

NVD•added 2026/01/13 8:16 p.m.•3 views

CVE-2025-68698

8.7CVSS0.00009EPSS

CVE•added 2026/01/13 7:30 p.m.•7 views

CVE-2025-68925

Summary (CVE-2025-68925): Jervis (net.gleske:jervis) is vulnerable prior to version 2.2 due to a JWT header check omission that fails to enforce the algorithm field (alg) to RS256. The issue allows potential JWT forgery or signature bypass depending on context, as described in multiple sources (e...

6.9CVSS6.7AI score0.00023EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/01/13 7:21 p.m.•20 views

CVE-2025-68701 Jervis has Deterministic AES IV Derivation from Passphrase

8.7CVSS0.00025EPSS

OSV•added 2026/01/13 7:16 p.m.•5 views

CVE-2025-68698 Jervis has an RSA PKCS#1 v1.5 Padding Vulnerability

8.7CVSS6.8AI score0.00009EPSS

Positive Technologies•added 2026/01/13 12:0 a.m.•3 views

PT-2026-2494

CVE-2025-68701 Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. Thi… https://t.co/yRJFluABgT...

8.7CVSS6.9AI score0.00025EPSS

Positive Technologies•added 2026/01/13 12:0 a.m.•2 views

PT-2026-2493

8.7CVSS6.9AI score0.00009EPSS

Positive Technologies•added 2026/01/13 12:0 a.m.•4 views

PT-2026-2497

8.2CVSS6.8AI score0.00059EPSS

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-2645

Malicious code in bioql PyPI...

9.9CVSS9AI score0.01799EPSS

Exploits0References6

RedhatCVE•added 2025/05/22 10:44 p.m.•3 views

CVE-2022-29049

Jenkins promoted builds Plugin 873.v6149dbd64130 and earlier, except 3.10.1, does not validate the names of promotions defined in Job DSL, allowing attackers with Job/Configure permission to create a promotion with an unsafe name...

5.4CVSS6.5AI score0.00113EPSS