2647 matches found
CVE-2026-48922
Jenkins Credentials Binding Plugin 720.v3f6decef43ea and earlier does not properly sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution i...
EUVD-2026-32513
Jenkins Credentials Binding Plugin 720.v3f6decef43ea and earlier does not properly sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution i...
CVE-2026-46103
In the Linux kernel, a fix for devres lifetime in the can: ucan path addresses memory-management where USB driver resources tied to an interface were not properly released when the driver is unbound (e.g., probe deferral or config changes). The issue affects USB drivers binding to interfaces and ...
CVE-2026-45931 accel/amdxdna: Hold mm structure across iommu_sva_unbind_device()
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Hold mm structure across iommu_sva_unbind_device() Some tests trigger a crash in iommu_sva_unbind_device() due to accessing iommu_mm after the associated mm structure has been freed. Fix this by taking an explicit reference t...
PT-2026-44121
Name of the Vulnerable Software and Affected Versions: Microsoft UFO version 3.0.1-4-ge2626659. Description: The constellation client in this open-source framework for intelligent automation tracks pending task responses using only the session id and fails to verify if a TASK END message originated...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the reuse of the rlb_arp_recv function after it is released during the power-off binding interface...
PT-2026-44015
Name of the Vulnerable Software and Affected Versions: Jenkins Credentials Binding Plugin versions 720.v3f6decef43ea and earlier. Description: Insufficient sanitization of file names for file and zip file credentials allows attackers who can provide credentials to a job to write files to arbitrary...
Jenkins Credentials Binding Plugin security vulnerability
The Jenkins Credentials Binding Plugin is an open-source plugin developed by Jenkins that binds secure credentials stored in Jenkins to environment variables during build processes. The Jenkins Credentials Binding Plugin versions 720.v3f6decef43ea and earlier contain security vulnerabilities. The...
Nocturne Memory access control error vulnerability
Nocturne Memory is an AI long-term memory server developed by Niwato. Versions prior to Nocturne Memory 2.4.1 contained an access control vulnerability. This vulnerability occurred when the APITOKEN was not set or was empty, allowing the BearerTokenAuthMiddleware to bypass identity verification f...
Jenkins plugins Multiple Vulnerabilities (2026-05-27)
According to their self-reported version numbers, the versions of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the build URL, resulting in a stored cross-site scripting (XSS) vulnerability...
PT-2026-43798
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Hold mm structure across iommu_sva_unbind_device() Some tests trigger a crash in iommu_sva_unbind_device() due to accessing iommu_mm after the associated mm structure has been freed. Fix this by taking an explicit...
Exposure of Resource to Wrong Sphere
Overview: Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere via the engine/flags.go process, which causes the SSE event server to bind to all network interfaces by default on Linux and macOS. An attacker can access sensitive event data by connecting to the...
CVE-2026-41164
nuts-node is the reference implementation of the Nuts specification. Prior to 6.2.3 and 5.4.31, the v1 access token introspection endpoint /auth/v1/introspectaccesstoken accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claims...
CVE-2026-46430
Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flags.go:39-46 set host = "" for non-Windows, and utils.JoinHostPort("", ":5553") resolves to ":5553"...
EUVD-2026-31869
Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flags.go:39-46 set host = "" for non-Windows, and utils.JoinHostPort("", ":5553") resolves to ":5553"...
CVE-2026-46430
CVE-2026-46430 affects Algernon (SSE event server). Before 1.17.7, the SSE event server bound to 0.0.0.0:5553 by default on Linux/macOS due to host default logic, enabling LAN-wide access. The issue arises from platform-dependent default host handling (empty on non-Windows), resulting in an effec...
CVE-2026-46430 Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS
Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flags.go:39-46 set host = "" for non-Windows, and utils.JoinHostPort("", ":5553") resolves to ":5553"...