
8 matches found

Cvelist
added 2026/04/07 2:12 p.m., 15 views

CVE-2026-5384 runZero Platform incorrect credential scope

An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. This...

CVSS: 5.8 | EPSS: 0.00048
Exploits: 0 | References: 2

Vulnrichment
added 2026/04/07 2:12 p.m., 1 view

CVE-2026-5384 runZero Platform incorrect credential scope

An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. This...

CVSS: 5.8 | AI score: 5.8 | EPSS: 0.00048
Exploits: 0 | References: 2

CVE
added 2026/04/07 2:12 p.m., 3 views

CVE-2026-5384

The CVE-2026-5384 issue affects the runZero Platform, where a credential could be updated and subsequently used for a task outside the authorized organization scope. This is categorized as CWE-863: Incorrect Authorization. The vulnerability is tied to credential handling that allows scope to be b...

CVSS: 5.8 | AI score: 5.8 | EPSS: 0.00048
Exploits: 0 | References: 2 | Affected Software: 1

RedhatCVE
added 2026/03/11 11:56 p.m., 2 views

CVE-2026-3783

A flaw was found in curl. When an OAuth2 bearer token is used for an HTTPS transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the .netrc file, allowing the bearer token intended for the first host to be sent to the...

CVSS: 5.7 | AI score: 5.7 | EPSS: 0.00028
Exploits: 1 | References: 7

Github Security Blog
added 2022/05/24 4:58 p.m., 21 views

Missing permission checks in Google Kubernetes Engine Jenkins Plugin

A missing permission check in Jenkins Google Kubernetes Engine Plugin prior to version 0.7.1 allows attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID. This issue is patched in version 0.7.1...

CVSS: 4.3 | AI score: 4.1 | EPSS: 0.00031
Exploits: 0 | References: 4 | Affected Software: 1

RedhatCVE
added 2020/04/01 10:2 a.m., 19 views

CVE-2019-16541

Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct folder scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope...

CVSS: 9.9 | AI score: 3.5 | EPSS: 0.00475
Exploits: 0 | References: 4

OSV
added 2019/11/21 3:15 p.m., 19 views

CVE-2019-16541

Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct folder scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope...

CVSS: 9.9 | AI score: 6.4
Exploits: 0 | References: 2

Cvelist
added 2019/10/16 1:0 p.m., 10 views

CVE-2019-10445

A missing permission check in Jenkins Google Kubernetes Engine Plugin 0.7.0 and earlier allowed attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID...

AI score: 4.2 | EPSS: 0.00031
Exploits: 0 | References: 2