CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

176 matches found

CVE-2026-57283

A cross-site request forgery CSRF vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier allows attackers to instantiate types related to job or system configuration other than Pipeline steps through the Pipeline Snippet Generator...

4.3CVSS0.00124EPSS

Exploits0References1

EUVD•added 3 days ago•7 views

EUVD-2026-38764

Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps...

4.3CVSS5.9AI score0.00242EPSS

Exploits0References1

Cvelist•added 3 days ago•31 views

CVE-2026-57284

0.00242EPSS

Exploits0References1

CVE•added 3 days ago•13 views

CVE-2026-57284

CVE-2026-57284 affects Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier. The vulnerability arises because the Pipeline Snippet Generator does not restrict the types that can be instantiated, potentially allowing an attacker to instantiate types related to job or system configuration...

4.3CVSS5.9AI score0.00242EPSS

Exploits0References1Affected Software1

CVE•added 3 days ago•14 views

CVE-2026-57283

CVE-2026-57283 affects Jenkins Pipeline: Groovy Plugin (versions including 4331.v9d06ed4658ff and earlier). The vulnerability is a cross-site request forgery (CSRF) in the Pipeline Snippet Generator that lets an attacker instantiate types related to job or system configuration beyond Pipeline ste...

4.3CVSS5.8AI score0.00124EPSS

Exploits0References1Affected Software1

EUVD•added 3 days ago•7 views

EUVD-2026-38763

4.3CVSS5.8AI score0.00124EPSS

Exploits0References1

Cvelist•added 3 days ago•33 views

CVE-2026-57283

0.00124EPSS

Exploits0References1

Tenable Nessus•added 3 days ago•3 views

Jenkins plugins Multiple Vulnerabilities (2026-06-24)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing...

8.8CVSS6.5AI score0.00595EPSS

Exploits0References29

Tenable Nessus•added 2026/05/06 12:0 a.m.•12 views

RHCOS 3 : OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2020:2478)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2478 advisory. - jenkins-git-client-plugin: OS command injection via 'git ls-remote' CVE-2019-10392 - jenkins-script-security-plugin: sandbox...

8.8CVSS6.2AI score0.25587EPSS

Exploits1References18

Tenable Nessus•added 2026/05/06 12:0 a.m.•10 views

RHCOS 4 : OpenShift Container Platform 4.4.z jenkins-2-plugins (RHSA-2020:2737)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2737 advisory. - jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts CVE-2019-16538 -...

8.8CVSS6.2AI score0.01416EPSS

Exploits0References16

Tenable Nessus•added 2026/05/04 12:0 a.m.•4 views

RHCOS 3 : Red Hat OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:0739)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:0739 advisory. - jenkins-plugin-script-security: Sandbox Bypass in Script Security Plugin SECURITY-1292 CVE-2019-1003005 -...

9.9CVSS6AI score0.75961EPSS

Exploits6References14

Tenable Nessus•added 2026/05/04 12:0 a.m.•11 views

RHCOS 3 : Red Hat OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:1423)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:1423 advisory. - jenkins-plugin-script-security: Sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin SECURITY-1353 CVE-2019-100304...

9.8CVSS5.8AI score0.03338EPSS

Exploits0References8

RedhatCVE•added 2026/01/09 10:55 a.m.•7 views

CVE-2022-23109

Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed...

6.5CVSS6.8AI score0.00959EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•5 views

EUVD-2022-1161

Malicious code in bioql PyPI...

4.3CVSS4.7AI score0.0052EPSS

Exploits0References9

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2022-3802

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.02505EPSS

Exploits0References4