CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

609 matches found

Vulnrichment•added 2026/04/29 1:31 p.m.•1 views

CVE-2026-42519

A missing permission check in Jenkins Script Security Plugin 1399.ve6a66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths...

5.2AI score0.00126EPSS

Exploits0References1

Positive Technologies•added 2026/04/29 12:0 a.m.•2 views

PT-2026-35913

A missing permission check in Jenkins Script Security Plugin 1399.ve6a 66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths...

4.3CVSS5.2AI score0.00126EPSS

Exploits0References1

CNNVD•added 2026/04/29 12:0 a.m.•5 views

Jenkins Script Security Plugin 安全漏洞

The Jenkins Script Security Plugin is an open-source plugin developed by Jenkins that provides security controls and permission checks for automated script execution. The Jenkins Script Security Plugin versions 1399.ve6a66547f6e1 and earlier contain security vulnerabilities. These vulnerabilities...

4.3CVSS5.8AI score0.00126EPSS

Exploits0References1

Tenable Nessus•added 2026/04/29 12:0 a.m.•6 views

Jenkins plugins Multiple Vulnerabilities (2026-04-29)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - High HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file. This results in a stored cross-site...

9CVSS5.9AI score0.02742EPSS

Exploits0References8

RedhatCVE•added 2026/01/09 8:44 a.m.•6 views

CVE-2022-23623

Frourio is a full stack framework, for TypeScript. Frourio users who uses frourio version prior to v0.26.0 and integration with class-validator through validators/ folder are subject to a input validation vulnerability. Validators do not work properly for request bodies and queries in specific...

8.8CVSS6.7AI score0.00377EPSS

Exploits0References1

Veracode•added 2025/12/13 5:3 a.m.•4 views

Code Injection

org.jenkins-ci.plugins.workflow, puppet-enterprise-pipeline is vulnerable to code injection The vulnerability is due to unsafe values specified in the custom Script Security whitelist, which allows an attacker with the ability to execute Script Security-protected scripts to execute arbitrary code...

9.9CVSS7.7AI score0.00326EPSS

Exploits0References3Affected Software1

Veracode•added 2025/12/13 4:30 a.m.•3 views

Sandbox Bypass

org.jenkins-ci.plugins, script-security is vulnerable to sandbox bypass. The vulnerability is due to improper handling of default parameter expressions in constructors, which allows an attacker to execute arbitrary code through crafted sandboxed scripts...

9.9CVSS6.2AI score0.00342EPSS

Exploits0References8Affected Software1