CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

814 matches found

NVD•added 2026/06/10 2:16 p.m.•7 views

CVE-2026-53439

Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/Read permission to determine other users' configured timezone and to enumerate view names of other users' "My Views"...

4.3CVSS0.00216EPSS

Exploits0References1

Vulnrichment•added 2026/06/10 1:6 p.m.•5 views

CVE-2026-53439

5.5AI score0.00216EPSS

Exploits0References1

CVE•added 2026/06/10 1:6 p.m.•17 views

CVE-2026-53439

CVE-2026-53439 : In Jenkins up to 2.567 and earlier, and LTS up to 2.555.2, missing permission checks allow users with Overall/Read to determine other users’ configured timezone and to enumerate other users’ My Views. The CVSS v3.1 base score is 4.3 (Medium; AV N, AC L, PR L, UI N, S U, C L, I N,...

4.3CVSS5.5AI score0.00216EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/06/10 12:0 a.m.•8 views

PT-2026-48424

Name of the Vulnerable Software and Affected Versions Jenkins versions prior to 2.567 Jenkins LTS versions prior to 2.555.2 Description Missing permission checks allow attackers with Overall/Read permission to determine the configured timezone of other users and enumerate view names within other...

4.3CVSS5.2AI score0.00216EPSS

Exploits0References5

RedhatCVE•added 2026/06/06 6:43 p.m.•9 views

CVE-2026-48926

Jenkins Job Import Plugin 143.v044a2e819b27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS5.5AI score0.00178EPSS

Exploits0References1

Snyk•added 2026/05/27 5:34 p.m.•8 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the form validation method. An attacker can connect to an arbitrary URL by leveraging Overall/Read permission. Remediation Upgrade com.rapid7:jenkinsci-appspider-plugin to version 1.0.18 or higher. References -...

5.3CVSS5.9AI score0.00187EPSS

Exploits0References2

NVD•added 2026/05/27 3:16 p.m.•14 views

CVE-2026-48923

Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to connect to an attacker-specified URL...

4.3CVSS0.00187EPSS

Exploits0References1

Vulnrichment•added 2026/05/27 2:13 p.m.•8 views

CVE-2026-48923

5.8AI score0.00187EPSS

Exploits0References1

CVE•added 2026/05/27 2:13 p.m.•15 views

CVE-2026-48923

Jenkins AppSpider Plugin 1.0.17 and earlier is affected by a permission-check bypass in a form-validation method. The issue allows attackers with Overall/Read permissions to connect to an attacker-specified URL, enabling potential external requests from the plugin context. The affected component ...

4.3CVSS5.8AI score0.00187EPSS

Exploits0References1Affected Software1

CNNVD•added 2026/05/27 12:0 a.m.•9 views

Jenkins AppSpider Plugin 安全漏洞

The Jenkins AppSpider Plugin is an open-source Jenkins application security scanning integration plugin. The Jenkins AppSpider Plugin versions 1.0.17 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of permission checks in the method responsible for form...

4.3CVSS5.8AI score0.00187EPSS

Exploits0References1

Positive Technologies•added 2026/05/27 12:0 a.m.•7 views

PT-2026-44016

Name of the Vulnerable Software and Affected Versions Jenkins AppSpider Plugin versions prior to 1.0.18 Description A missing permission check in a method implementing form validation allows users with Overall/Read permissions to trigger a connection to an attacker-specified URL. Recommendations...

4.3CVSS5.8AI score0.00187EPSS

Exploits0References3

RedhatCVE•added 2026/05/04 9:9 a.m.•6 views

CVE-2026-42519

A flaw was found in Jenkins Script Security Plugin. An attacker with Overall/Read permission can exploit a missing permission check to enumerate pending and approved Script Security classpaths. This information disclosure vulnerability allows unauthorized access to sensitive configuration details...

6.5CVSS5.6AI score0.00174EPSS

Exploits0References4

Github Security Blog•added 2026/04/29 3:30 p.m.•6 views

Jenkins GitHub Plugin has an XSS vulnerability

In Jenkins GitHub Plugin versions 1.46.0 and earlier, the JavaScript that validates the "GitHub hook trigger for GITScm polling" feature improperly processes the current job URL. This results in a stored cross-site scripting XSS vulnerability exploitable by non-anonymous attackers with Overall/Re...

9CVSS5.9AI score0.00281EPSS

Exploits0References3Affected Software1

Github Security Blog•added 2026/04/29 3:30 p.m.•20 views

Jenkins Script Security Plugin: Missing permission checks allow enumeration of pending and approved classpaths

Jenkins Script Security Plugin versions 1399.ve6a66547f6e1 and earlier do not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths. Script Security Plugin 1402.v94c9ce464861 requires...

4.3CVSS5.8AI score0.00174EPSS

Exploits0References3Affected Software1

NVD•added 2026/04/29 2:16 p.m.•3 views

CVE-2026-42523

Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting XSS vulnerability exploitable by non-anonymous attackers with...

9CVSS0.00281EPSS

Exploits0References1

Vulnrichment•added 2026/04/29 1:31 p.m.•2 views

CVE-2026-42523

4.8AI score0.00281EPSS

Exploits0References1

ATTACKERKB•added 2026/04/29 1:31 p.m.•3 views

CVE-2026-42522

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...

4.3CVSS5.2AI score0.00184EPSS

Exploits0References2

Cvelist•added 2026/04/29 1:31 p.m.•28 views

CVE-2026-42522

0.00184EPSS

Exploits0References1

Vulnrichment•added 2026/04/29 1:31 p.m.•3 views

CVE-2026-42519

A missing permission check in Jenkins Script Security Plugin 1399.ve6a66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths...

5.2AI score0.00174EPSS

Exploits0References1

CVE•added 2026/04/29 1:31 p.m.•44 views

CVE-2026-42519

The provided documents describe CVE-2026-42519 as a vulnerability in the Jenkins Script Security Plugin (version 1399.ve6a_66547f6e1 and earlier). The root cause is a missing permission check that permits users with Overall/Read permission to enumerate pending and approved Script Security classpa...

4.3CVSS5.2AI score0.00174EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by