Lucene search
+L

1166 matches found

CISA KEV Catalog
CISA KEV Catalog
added 4 days ago54 views

Cisco IOS Cross-Site Request Forgery Vulnerability

Cisco IOS 12.4 contains multiple cross-site forgery vulnerabilities that allows remote attackers to execute arbitrary commands via 1 a certain "show privilege" command to the /level/15/exec/- URI, and 2 a certain "alias exec" command to the /level/15/exec/-/configure/http URI...

9.3CVSS6.3AI score0.23857EPSS
In wildExploits1
ATTACKERKB
ATTACKERKB
added 2026/07/10 4:58 a.m.7 views

CVE-2026-21051

Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings...

5.1CVSS5.9AI score0.00105EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 9:17 p.m.7 views

CVE-2026-54756

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.18, Jodit.configureoptions — and the internal ConfigMerge / ConfigProto helpers — merged user-supplied options into the editor configuration without filtering...

6.3CVSS0.00273EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 8:29 p.m.5 views

CVE-2026-54756

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.18, Jodit.configureoptions — and the internal ConfigMerge / ConfigProto helpers — merged user-supplied options into the editor configuration without filtering...

6.3CVSS5.7AI score0.00273EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/01 8:29 p.m.35 views

CVE-2026-54756 Jodit Editor: Prototype pollution via Jodit.configure() / ConfigMerge

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.18, Jodit.configureoptions — and the internal ConfigMerge / ConfigProto helpers — merged user-supplied options into the editor configuration without filtering...

6.3CVSS0.00273EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 8:29 p.m.26 views

CVE-2026-54756

The CVE pertains to Jodit Editor (TypeScript WYSIWYG) where versions prior to 4.12.18 expose a Prototype Pollution risk via Jodit.configure(options) and internal ConfigMerge/ConfigProto, which may merge user-controlled options (e.g., under a plain-object option like controls) into Object.prototyp...

6.3CVSS5.7AI score0.00273EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/24 3:18 p.m.5 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection due to build operations being performed on the Jenkins controller instead of the assigned agent. An attacker can execute arbitrary code on the Jenkins controller by obtaining Item/Configure permission. Remediati...

9.2CVSS6.2AI score0.0042EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 2:17 p.m.10 views

CVE-2026-57301

Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller...

8.8CVSS0.0042EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 2:17 p.m.4 views

CVE-2026-57301

Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller...

8.8CVSS6.4AI score
Exploits0References1
NVD
NVD
added 2026/06/24 2:17 p.m.10 views

CVE-2026-57293

An incorrect permission check in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS0.0017EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.5 views

CVE-2026-57301

Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller...

8.8CVSS6.3AI score0.0042EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.36 views

CVE-2026-57301

Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller...

0.0042EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 1:20 p.m.11 views

EUVD-2026-38782

Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller...

8.8CVSS6.3AI score0.0042EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 1:20 p.m.19 views

CVE-2026-57296

CVE-2026-57296 - Jenkins External Workspace Manager Plugin : Affected: Jenkins External Workspace Manager Plugin 1.3.2 and earlier. Description: the exwsAllocate pipeline step accepts a custom workspace path without rejecting path traversal sequences, enabling attackers with Item/Configure permis...

8.8CVSS6.3AI score0.00595EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.7 views

CVE-2026-57296

Jenkins External Workspace Manager Plugin 1.3.2 and earlier does not reject path traversal sequences in the custom workspace path provided to the exwsAllocate Pipeline step, allowing attackers with Item/Configure permission to read arbitrary files on the Jenkins controller file system, which can...

8.8CVSS6.3AI score0.00595EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 1:20 p.m.17 views

CVE-2026-57293

CVE-2026-57293 affects the Jenkins Gitee Plugin (1288.v18b_deb_c9069b_ and earlier). The vulnerability is an incorrect permission check that lets an attacker with global Item/Configure permission, but without Item/Configure permission on any specific job, enumerate credentials IDs stored in Jenki...

4.3CVSS5.9AI score0.0017EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.8 views

CVE-2026-57293

An incorrect permission check in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS5.9AI score0.0017EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 7:23 p.m.18 views

CVE-2026-49345

CVE-2026-49345 affects Mercator before 2025.05.19. The SSRF flaw resides in the CVE configuration panel (/admin/config/parameters) where ConfigurationController.testProvider() passes user input directly to curl_init() without validating scheme/host/IP. An authenticated user with configure permiss...

5.3CVSS6.1AI score0.0054EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 7:23 p.m.24 views

CVE-2026-49345 Mercator CVE Configuration Vulnerable to Server-Side Request Forgery (SSRF)

Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, a Server-Side Request Forgery SSRF vulnerability exists in Mercator's CVE configuration panel /admin/config/parameters. The testProvider method in ConfigurationController passes...

5.3CVSS0.0054EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:54 a.m.10 views

CVE-2026-46939

Vulnerability in the Oracle Configure to Order product of Oracle E-Business Suite component: Supply to Order Workbench. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

8.1CVSS0.00337EPSS
Exploits0References1
Rows per page
Query Builder