Lucene search
K

7387 matches found

CVE
CVE
added 2026/06/10 2:0 p.m.30 views

CVE-2026-45556

Roxy-WI (versions <= 8.2.6.4) is affected by CVE-2026-45556. The vulnerability arises in POST /waf///rule//save: the config_file_name field is passed to config_mod.master_slave_upload_and_restart(...) as the destination path. The validation only checks that the path contains a service substrin...

9.9CVSS5.5AI score0.00372EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 1:6 p.m.13 views

EUVD-2026-36026

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to t...

5.3CVSS5.5AI score0.0019EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 1:6 p.m.9 views

CVE-2026-53442

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to t...

5.3AI score0.0019EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/10 1:6 p.m.7 views

CVE-2026-53442

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to t...

5.3CVSS5.5AI score0.0019EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/10 12:31 p.m.23 views

samba: Samba: Remote Code Execution in printing subsystem via unescaped job description

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...

9.8CVSS6.3AI score0.12797EPSS
Exploits9References5
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.15 views

PT-2026-48427

Name of the Vulnerable Software and Affected Versions Jenkins versions prior to 2.568 Jenkins LTS versions prior to 2.555.3 Description Secrets provided via POST config.xml submissions are stored unencrypted in job configuration files on the Jenkins controller. This allows users with Item/Extende...

5.3CVSS5.3AI score0.0019EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.20 views

Jenkins 安全漏洞

Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Jenkins versions 2.567 and earlier, as well as LTS 2.555.2 and earlier, have security vulnerabilitie...

5.3CVSS5.4AI score0.0019EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.12 views

EulerOS 2.0 SP13 : cups (EulerOS-SA-2026-2282)

According to the versions of the cups packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer...

7.8CVSS6.3AI score0.00502EPSS
Exploits7References8
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.11 views

EulerOS 2.0 SP13 : cups (EulerOS-SA-2026-2325)

According to the versions of the cups packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer...

7.8CVSS6.3AI score0.00502EPSS
Exploits7References8
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.15 views

CVE-2026-25856

OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C code on the server host by creating or modifying job configurations. Attackers can leverage the plain C execution mode, which lacks reference...

8.8CVSS6.6AI score0.00473EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 7:17 p.m.14 views

CVE-2026-36724

An uncaught exception in the /application/job/update/id endpoint of FastapiAdmin v2.2.0 allows authenticated attackers with the moduletask:job:update permission to cause a Denial of Service DoS via manipulating the func field of scheduled tasks...

6.5CVSS0.00289EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 6:0 a.m.16 views

RLSA-2026:22644 Important: samba security update

Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fixes: samba: group policy certificate enrollment uses http://...

9CVSS5.7AI score0.12797EPSS
Exploits9References4
Vulnrichment
Vulnrichment
added 2026/06/09 12:0 a.m.9 views

CVE-2026-36724

An uncaught exception in the /application/job/update/id endpoint of FastapiAdmin v2.2.0 allows authenticated attackers with the moduletask:job:update permission to cause a Denial of Service DoS via manipulating the func field of scheduled tasks...

5.5AI score0.00289EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/08 4:50 p.m.10 views

CVE-2026-25856 OpenBullet2 0.3.2 Authenticated RCE via Job Configuration Interface

OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C code on the server host by creating or modifying job configurations. Attackers can leverage the plain C execution mode, which lacks reference...

8.8CVSS6.6AI score0.00473EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/08 4:50 p.m.7 views

CVE-2026-25856

OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C code on the server host by creating or modifying job configurations. Attackers can leverage the plain C execution mode, which lacks reference...

8.8CVSS6.6AI score0.00473EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/08 4:50 p.m.13 views

EUVD-2026-35135

OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C code on the server host by creating or modifying job configurations. Attackers can leverage the plain C execution mode, which lacks reference...

8.8CVSS6.6AI score0.00473EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 4:50 p.m.27 views

CVE-2026-25856

OpenBullet2 (up to version 0.3.2) contains an authenticated remote code execution vulnerability: authenticated users can create/modify job configurations to execute arbitrary C# code on the server, with access to the file system, process spawning, and arbitrary .NET APIs as the process user. The ...

8.8CVSS6.6AI score0.00473EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 4:50 p.m.41 views

CVE-2026-25856 OpenBullet2 0.3.2 Authenticated RCE via Job Configuration Interface

OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C code on the server host by creating or modifying job configurations. Attackers can leverage the plain C execution mode, which lacks reference...

8.8CVSS0.00473EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.16 views

PT-2026-47343

OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C code on the server host by creating or modifying job configurations. Attackers can leverage the plain C execution mode, which lacks reference...

8.8CVSS6.6AI score0.00473EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.10 views

OpenBullet2 代码注入漏洞

OpenBullet2 is a cross-platform automated testing and data scraping tool developed by the OpenBullet team. Versions of OpenBullet2 prior to 0.3.2 contained a code injection vulnerability. This vulnerability originated from the job configuration feature, which could allow authenticated users to...

8.8CVSS6.1AI score0.00473EPSS
Exploits0References1
Rows per page
Query Builder