Lucene search
K

625 matches found

RedhatCVE
RedhatCVE
added 4 days ago7 views

CVE-2026-57280

A flaw was found in Jenkins Script Security Plugin. This vulnerability allows attackers who can provide sandboxed Groovy scripts to bypass security sandbox protections. By exploiting a failure to properly intercept implicit type casts in typed for-each loops, an attacker can invoke arbitrary...

8.8CVSS6.4AI score0.00372EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/30 10:38 p.m.5 views

CVE-2026-14000

Inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

6.1CVSS6AI score0.00171EPSS
Exploits0
Snyk
Snyk
added 2026/06/25 6:7 a.m.6 views

Improper Control of Dynamically-Managed Code Resources

Overview org.jenkins-ci.plugins:script-security is a package that allows Jenkins administrators to control what in-process scripts can be run by less-privileged users. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via incomplete sandbox...

8.8CVSS5.8AI score0.00372EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 6:7 a.m.6 views

Unsafe Dependency Resolution

Overview org.jenkins-ci.plugins:script-security is a package that allows Jenkins administrators to control what in-process scripts can be run by less-privileged users. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via Groovy AST transformation annotations during...

8.5CVSS6.2AI score0.00594EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 2:17 p.m.9 views

CVE-2026-57281

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the...

8.5CVSS0.00594EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 2:17 p.m.15 views

CVE-2026-57280

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection...

8.8CVSS0.00372EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.6 views

CVE-2026-57281

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the...

8.5CVSS6AI score0.00594EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 1:20 p.m.34 views

CVE-2026-57281

CVE-2026-57281 affects Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier. The root cause is that the plugin does not reject Groovy AST transformation annotations carrying an extensions member, which can allow attackers to run sandboxed Groovy scripts to execute code outside the sandbo...

8.5CVSS6AI score0.00594EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/24 1:20 p.m.6 views

CVE-2026-57281

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the...

6AI score0.00594EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.38 views

CVE-2026-57281

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the...

0.00594EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.32 views

CVE-2026-57280

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection...

0.00372EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 1:20 p.m.8 views

EUVD-2026-38760

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection...

8.8CVSS6AI score0.00372EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.5 views

CVE-2026-57280

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection...

8.8CVSS6AI score0.00372EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 1:20 p.m.33 views

CVE-2026-57280

The CVE-2026-57280 affects Jenkins Script Security Plugin (versions up to and including 1402.v94c9ce464861). The issue is that sandboxed Groovy scripts do not intercept implicit type casts in elements of typed for-each loops, which can allow a user-supplied script to invoke arbitrary constructors...

8.8CVSS6AI score0.00372EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/24 1:20 p.m.7 views

EUVD-2026-38761

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the...

7.5CVSS6AI score0.00594EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/24 1:20 p.m.7 views

CVE-2026-57281

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the...

8.5CVSS5.8AI score0.00594EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.19 views

PT-2026-51790

Name of the Vulnerable Software and Affected Versions Jenkins Script Security Plugin versions prior to 1402.v94c9ce464861 Description Sandboxed Groovy scripts fail to intercept implicit type casts applied to elements of typed for-each loops. This allows attackers who can provide such scripts to...

8.8CVSS5.9AI score0.00372EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51791

Name of the Vulnerable Software and Affected Versions Jenkins Script Security Plugin versions prior to 1402.v94c9ce464861 Description The plugin fails to reject Groovy AST Abstract Syntax Tree transformation annotations that contain an extensions member. This allows attackers with the ability to...

8.5CVSS6AI score0.00594EPSS
Exploits0References7
Jenkins Security Advisories
Jenkins Security Advisories
added 2026/06/24 12:0 a.m.7 views

Script security bypass vulnerability in script-security

script-security 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations such as @CompileStatic and @TypeChecked that carry an extensions member, which causes Groovy to load and execute a script from the classpath at compile time, before the sandbox is applied. This ma...

8.5CVSS5.9AI score0.00594EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.7 views

Jenkins plugins Multiple Vulnerabilities (2026-06-24)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing...

8.8CVSS6.3AI score0.00595EPSS
Exploits0References29
Rows per page
Query Builder