CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

100 matches found

Snyk•added 2026/04/30 6:17 a.m.•5 views

Missing Authorization

Overview org.jenkins-ci.plugins:github-branch-source is a multibranch projects and organization folders from GitHub. Maintained by CloudBees, Inc. Affected versions of this package are vulnerable to Missing Authorization in the GitHubAppCredentials descriptor through the testConnection handler. A...

5.3CVSS5.8AI score0.00024EPSS

Exploits0References3

Vulnrichment•added 2026/04/29 1:31 p.m.•1 views

CVE-2026-42522

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...

5.2AI score0.00024EPSS

Exploits0References1

Cvelist•added 2026/04/29 1:31 p.m.•25 views

CVE-2026-42522

0.00024EPSS

Exploits0References1

CVE•added 2026/04/29 1:31 p.m.•11 views

CVE-2026-42522

The vulnerability CVE-2026-42522 affects Jenkins’ GitHub Branch Source Plugin (versions including 1967.vdea_d580c1a_b_a_ and earlier). The root cause is a missing permission check that permits attackers with Overall/Read to connect to an attacker-specified URL using attacker-specified GitHub App ...

4.3CVSS5.2AI score0.00024EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/04/29 1:31 p.m.•2 views

CVE-2026-42522

4.3CVSS5.2AI score0.00024EPSS

Exploits0References2

Positive Technologies•added 2026/04/29 12:0 a.m.•1 views

PT-2026-35916

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea d580c1a b a and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...

4.3CVSS5.2AI score0.00024EPSS

Exploits0References1

RedhatCVE•added 2026/03/11 7:8 a.m.•3 views

CVE-2026-30920

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's GitHub App callback trusts attacker-controlled state and installationid values and updates Project.gitHubAppInstallationId with isRoot: true without validating that the caller is authorized for the...

8.6CVSS5.8AI score0.00011EPSS

Exploits1References1

NVD•added 2026/03/10 5:40 p.m.•3 views

CVE-2026-30920

8.6CVSS0.00011EPSS

Exploits1References1

CNNVD•added 2026/03/10 12:0 a.m.•3 views

OneUptime 安全漏洞

OneUptime is a comprehensive open-source solution developed by OneUptime. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.19 contain security vulnerabilities. These vulnerabilities stem from GitHub App callbacks that allow attackers to control parameters...

8.6CVSS5.8AI score0.00011EPSS

Exploits1References2

ATTACKERKB•added 2026/03/09 10:57 p.m.•2 views

CVE-2026-30920

8.6CVSS5.8AI score0.00011EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2026/03/09 10:57 p.m.•1 views

CVE-2026-30920 OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding

8.6CVSS5.8AI score0.00011EPSS

Exploits1References1

Cvelist•added 2026/03/09 10:57 p.m.•36 views

CVE-2026-30920 OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding

8.6CVSS0.00011EPSS

Exploits1References1

OSV•added 2026/03/09 10:57 p.m.•0 views

CVE-2026-30920 OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding

8.6CVSS5.9AI score0.00011EPSS

Exploits1References3

CVE•added 2026/03/09 10:57 p.m.•5 views

CVE-2026-30920

OneUptime prior to version 10.0.19 has broken access control in the GitHub App installation flow. The GitHub App callback trusts attacker-controlled state and installation_id values, and writes the provided installation_id into Project.gitHubAppInstallationId with root privileges without validati...

8.6CVSS5.9AI score0.00011EPSS

Exploits1References1Affected Software1

EUVD•added 2026/03/09 10:57 p.m.•2 views

EUVD-2026-10433

8.6CVSS5.8AI score0.00011EPSS

Exploits1References1

Github Security Blog•added 2026/03/09 5:29 p.m.•3 views

OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding

Summary OneUptime's GitHub App callback trusts attacker-controlled state and installationid values and updates Project.gitHubAppInstallationId with isRoot: true without validating that the caller is authorized for the target project. This allows an attacker to overwrite another project's GitHub A...

8.6CVSS5.9AI score0.00011EPSS

Exploits1References10Affected Software1

EUVD•added 2026/03/09 5:29 p.m.•2 views

EUVD-2026-10432

OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding...

8.6CVSS5.8AI score0.00011EPSS

Exploits1References8

OSV•added 2026/03/09 5:29 p.m.•1 views

GHSA-656W-6F6C-M9R6 OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding

8.6CVSS5.9AI score0.00011EPSS

Exploits1References10

Positive Technologies•added 2026/03/09 12:0 a.m.•0 views

PT-2026-24150

Name of the Vulnerable Software and Affected Versions OneUptime versions prior to 10.0.19 Description OneUptime’s GitHub App callback does not properly validate the state and installation id values received from a user, allowing an attacker to overwrite another project's GitHub App installation...

8.6CVSS5.9AI score0.00011EPSS

Exploits1References22

OSV•added 2026/01/13 2:28 p.m.•4 views

GHSA-MQW7-C5GG-XQ97 Jervis Has a RSA PKCS#1 Padding Vulnerability

Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL463-L465...

8.7CVSS6.8AI score0.00009EPSS

Exploits0References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by