1158 matches found

NVD
added 3 days ago, 6 views

CVE-2026-54756

Jodit Editor is a WYSIWYG editor written in pure TypeScript with file and image editing capabilities. In versions prior to 4.12.18, Jodit.configure(options), together with the internal ConfigMerge / ConfigProto helpers, merged user-supplied options into the editor configuration without filtering...

CVSS 6.3, EPSS 0.00273
Exploits: 0, References: 1

CVE
added 3 days ago, 8 views

CVE-2026-54756

The CVE pertains to Jodit Editor (TypeScript WYSIWYG), where versions prior to 4.12.18 expose a prototype pollution risk via Jodit.configure(options) and the internal ConfigMerge/ConfigProto helpers, which may merge user-controlled options (e.g., under a plain-object option like controls) into Object.prototyp...

CVSS 6.3, AI score 5.7, EPSS 0.00273
Exploits: 0, References: 1

Cvelist
added 3 days ago, 31 views

CVE-2026-54756 Jodit Editor: Prototype pollution via Jodit.configure() / ConfigMerge

Jodit Editor is a WYSIWYG editor written in pure TypeScript with file and image editing capabilities. In versions prior to 4.12.18, Jodit.configure(options), together with the internal ConfigMerge / ConfigProto helpers, merged user-supplied options into the editor configuration without filtering...

CVSS 6.3, EPSS 0.00273
Exploits: 0, References: 1

ATTACKERKB
added 3 days ago, 2 views

CVE-2026-54756

Jodit Editor is a WYSIWYG editor written in pure TypeScript with file and image editing capabilities. In versions prior to 4.12.18, Jodit.configure(options), together with the internal ConfigMerge / ConfigProto helpers, merged user-supplied options into the editor configuration without filtering...

CVSS 6.3, AI score 5.7, EPSS 0.00273
Exploits: 0, References: 2, Affected software: 1

NVD
added 2026/06/24 2:17 p.m., 8 views

CVE-2026-57301

Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller...

CVSS 8.8, EPSS 0.0042
Exploits: 0, References: 1

NVD
added 2026/06/24 2:17 p.m., 8 views

CVE-2026-57293

An incorrect permission check in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allows attackers with global Item/Configure permission, while lacking Item/Configure permission on any particular job, to enumerate credentials IDs of credentials stored in Jenkins...

CVSS 4.3, EPSS 0.0017
Exploits: 0, References: 1

Cvelist
added 2026/06/24 1:20 p.m., 31 views

CVE-2026-57301

Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller...

EPSS 0.0042
Exploits: 0, References: 1

EUVD
added 2026/06/24 1:20 p.m., 8 views

EUVD-2026-38782

Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller...

CVSS 8.8, AI score 6.3, EPSS 0.0042
Exploits: 0, References: 1

ATTACKERKB
added 2026/06/24 1:20 p.m., 5 views

CVE-2026-57301

Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller...

CVSS 8.8, AI score 6.3, EPSS 0.0042
Exploits: 0, References: 2

ATTACKERKB
added 2026/06/24 1:20 p.m., 6 views

CVE-2026-57296

Jenkins External Workspace Manager Plugin 1.3.2 and earlier does not reject path traversal sequences in the custom workspace path provided to the exwsAllocate Pipeline step, allowing attackers with Item/Configure permission to read arbitrary files on the Jenkins controller file system, which can...

CVSS 8.8, AI score 6.3, EPSS 0.00595
Exploits: 0, References: 2

CVE
added 2026/06/24 1:20 p.m., 10 views

CVE-2026-57296

CVE-2026-57296 - Jenkins External Workspace Manager Plugin. Affected: Jenkins External Workspace Manager Plugin 1.3.2 and earlier. Description: the exwsAllocate pipeline step accepts a custom workspace path without rejecting path traversal sequences, enabling attackers with Item/Configure permis...

CVSS 8.8, AI score 6.3, EPSS 0.00595
Exploits: 0, References: 1

ATTACKERKB
added 2026/06/24 1:20 p.m., 7 views

CVE-2026-57293

An incorrect permission check in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allows attackers with global Item/Configure permission, while lacking Item/Configure permission on any particular job, to enumerate credentials IDs of credentials stored in Jenkins...

CVSS 4.3, AI score 5.9, EPSS 0.0017
Exploits: 0, References: 2

CVE
added 2026/06/24 1:20 p.m., 10 views

CVE-2026-57293

CVE-2026-57293 affects the Jenkins Gitee Plugin (1288.v18b_deb_c9069b_ and earlier). The vulnerability is an incorrect permission check that lets an attacker with global Item/Configure permission, but without Item/Configure permission on any specific job, enumerate credentials IDs stored in Jenki...

CVSS 4.3, AI score 5.9, EPSS 0.0017
Exploits: 0, References: 1

Cvelist
added 2026/06/19 7:23 p.m., 18 views

CVE-2026-49345 Mercator CVE Configuration Vulnerable to Server-Side Request Forgery (SSRF)

Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, a Server-Side Request Forgery (SSRF) vulnerability exists in Mercator's CVE configuration panel /admin/config/parameters. The testProvider method in ConfigurationController passes...

CVSS 5.3, EPSS 0.0054
Exploits: 0, References: 1

CVE
added 2026/06/19 7:23 p.m., 16 views

CVE-2026-49345

CVE-2026-49345 affects Mercator before 2025.05.19. The SSRF flaw resides in the CVE configuration panel (/admin/config/parameters), where ConfigurationController.testProvider() passes user input directly to curl_init() without validating scheme/host/IP. An authenticated user with configure permiss...

CVSS 5.3, AI score 6.1, EPSS 0.0054
Exploits: 0, References: 1

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iommu: Fix potential use-after-free during probe. KASAN has reported the following use-after-free on dev->iommu: when a device probe fails and dev->iommu is being freed in the dev_iommu_free() function, deferred_probe_work_func...

CVSS 7.8, AI score 6.2, EPSS 0.00252
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: ngene: Fix an out-of-bounds bug in ngene_command_config_free_buf(). Fix an 11-year-old bug in ngene_command_config_free_buf(), found while addressing the following warnings detected by -Warray-bounds:...

CVSS 7.1, AI score 5.8, EPSS 0.00234
Exploits: 0, References: 2

NVD
added 2026/06/17 10:54 a.m., 8 views

CVE-2026-46939

Vulnerability in the Oracle Configure to Order product of Oracle E-Business Suite (component: Supply to Order Workbench). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows a low privileged attacker with network access via HTTP to compromise Oracle...

CVSS 8.1, EPSS 0.00337
Exploits: 0, References: 1

RedhatCVE
added 2026/06/17 1:25 a.m., 6 views

CVE-2026-53441

A flaw was found in Jenkins. This vulnerability, a stored cross-site scripting (XSS) issue, allows attackers with Agent/Configure permission to inject malicious scripts into the user-provided description of a generic offline cause. When other users view this description, the injected script can...

CVSS 5.4, AI score 5.1, EPSS 0.00261
Exploits: 0, References: 4

Positive Technologies
added 2026/06/16 12:00 a.m., 13 views

PT-2026-50042

Name of the vulnerable software and affected versions: Oracle E-Business Suite Configure to Order, versions 12.2.3 through 12.2.15. Description: An issue exists in the Supply to Order Workbench component of the Oracle Configure to Order product. A low privileged attacker with network access via HTTP...

CVSS 8.1, AI score 5.9, EPSS 0.00337
Exploits: 0, References: 3
