CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Ubuntu•added 2026/05/28 12:1 p.m.•10 views

USN-8333-1: CRaC JDK 21 vulnerabilities

Thomas Beckers discovered that the JAXP component of CRaC JDK 21 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of CRa...

OSV•added 2026/05/28 12:1 p.m.•8 views

USN-8333-1 openjdk-21-crac vulnerabilities

7.5CVSS5.8AI score0.00154EPSS

Exploits0References9

Ubuntu•added 2026/05/28 11:45 a.m.•15 views

USN-8331-1: OpenJDK 11 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 11 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

OSV•added 2026/05/28 11:38 a.m.•7 views

USN-8330-1 openjdk-8 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 8 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the JSSE component of OpenJDK 8 d...

Ubuntu•added 2026/05/28 11:38 a.m.•21 views

Exploits0References8

USN-8330-1: OpenJDK 8 vulnerabilities

OSV•added 2026/05/28 6:22 a.m.•11 views

USN-8328-1 openjdk-21 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 21 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

Ubuntu•added 2026/05/28 6:22 a.m.•18 views

Exploits0References9

USN-8328-1: OpenJDK 21 vulnerabilities

Ubuntu•added 2026/05/28 6:12 a.m.•18 views

USN-8327-1: OpenJDK 17 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 17 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

OSV•added 2026/05/28 6:12 a.m.•9 views

USN-8327-1 openjdk-17 vulnerabilities

7.5CVSS5.9AI score0.00154EPSS

Exploits0References9

Snyk•added 2026/05/27 5:35 p.m.•7 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the handling of symbolic links in shared libraries. An attacker can access arbitrary files on the controller filesystem by controlling the contents of a library used by a Pipeline job. Details A Directory Travers...

7.5CVSS6.3AI score0.00406EPSS

Exploits0References2

NVD•added 2026/05/27 3:16 p.m.•12 views

CVE-2026-48921

Jenkins Pipeline: Groovy Libraries Plugin 797.v90eaa9be45a0 and earlier does not prohibit symbolic links in shared libraries, allowing attackers able to control the content of a library used by a Pipeline job to read arbitrary files on the Jenkins controller filesystem...

7.5CVSS0.00406EPSS

EUVD•added 2026/05/27 2:13 p.m.•10 views

EUVD-2026-32512

Vulnrichment•added 2026/05/27 2:13 p.m.•10 views

CVE-2026-48921

5.9AI score0.00406EPSS

CVE•added 2026/05/27 2:13 p.m.•16 views

CVE-2026-48921

CVE-2026-48921 affects Jenkins Pipeline: Groovy Libraries Plugin 797.v90ea_a_9b_e45a_0 and earlier. The root cause is that the plugin does not prohibit symbolic links in shared libraries, which allows an attacker who can control the library content used by a Pipeline job to read arbitrary files o...

Exploits0References1Affected Software1

Cvelist•added 2026/05/27 2:13 p.m.•38 views

CVE-2026-48921

0.00406EPSS

AlpineLinux•added 2026/05/27 2:13 p.m.•14 views

CVE-2026-48921

Positive Technologies•added 2026/05/27 12:0 a.m.•11 views

PT-2026-44014

Name of the Vulnerable Software and Affected Versions Jenkins Pipeline: Groovy Libraries Plugin versions prior to 797.v90ea a 9b e45a 0 Description The plugin does not prohibit symbolic links in shared libraries. This allows attackers who can control the content of a library used by a Pipeline jo...

CNNVD•added 2026/05/27 12:0 a.m.•7 views

Exploits0References4

Jenkins Pipeline: Groovy Libraries Plugin 安全漏洞

Jenkins Pipeline: The Groovy Libraries Plugin is an open-source Jenkins Pipeline plugin that manages Groovy libraries. The Jenkins Pipeline: Groovy Libraries Plugin versions 797.v90eaa9be45a0 and earlier have security vulnerabilities. These vulnerabilities stem from the lack of protection against...