CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/28 12:1 p.m.•10 views

USN-8333-1 openjdk-21-crac vulnerabilities

Thomas Beckers discovered that the JAXP component of CRaC JDK 21 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of CRa...

7.5CVSS5.8AI score0.00358EPSS

Exploits0References9

Ubuntu•added 2026/05/28 12:1 p.m.•13 views

USN-8333-1: CRaC JDK 21 vulnerabilities

Ubuntu•added 2026/05/28 11:45 a.m.•17 views

USN-8331-1: OpenJDK 11 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 11 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

OSV•added 2026/05/28 11:38 a.m.•11 views

USN-8330-1 openjdk-8 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 8 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the JSSE component of OpenJDK 8 d...

Ubuntu•added 2026/05/28 11:38 a.m.•23 views

Exploits0References8

USN-8330-1: OpenJDK 8 vulnerabilities

OSV•added 2026/05/28 6:22 a.m.•12 views

USN-8328-1 openjdk-21 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 21 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

Ubuntu•added 2026/05/28 6:22 a.m.•20 views

Exploits0References9

USN-8328-1: OpenJDK 21 vulnerabilities

OSV•added 2026/05/28 6:12 a.m.•10 views

USN-8327-1 openjdk-17 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 17 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

7.5CVSS5.9AI score0.00358EPSS

Exploits0References9

Ubuntu•added 2026/05/28 6:12 a.m.•21 views

USN-8327-1: OpenJDK 17 vulnerabilities

Snyk•added 2026/05/27 5:35 p.m.•8 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the handling of symbolic links in shared libraries. An attacker can access arbitrary files on the controller filesystem by controlling the contents of a library used by a Pipeline job. Details A Directory Travers...

7.5CVSS6.3AI score0.00301EPSS

Exploits0References2

NVD•added 2026/05/27 3:16 p.m.•12 views

CVE-2026-48921

Jenkins Pipeline: Groovy Libraries Plugin 797.v90eaa9be45a0 and earlier does not prohibit symbolic links in shared libraries, allowing attackers able to control the content of a library used by a Pipeline job to read arbitrary files on the Jenkins controller filesystem...

7.5CVSS0.00301EPSS

AlpineLinux•added 2026/05/27 2:13 p.m.•14 views

CVE-2026-48921

Vulnrichment•added 2026/05/27 2:13 p.m.•10 views

CVE-2026-48921

5.9AI score0.00301EPSS

EUVD•added 2026/05/27 2:13 p.m.•10 views

EUVD-2026-32512

CVE•added 2026/05/27 2:13 p.m.•17 views

CVE-2026-48921

CVE-2026-48921 affects Jenkins Pipeline: Groovy Libraries Plugin 797.v90ea_a_9b_e45a_0 and earlier. The root cause is that the plugin does not prohibit symbolic links in shared libraries, which allows an attacker who can control the library content used by a Pipeline job to read arbitrary files o...

Exploits0References1Affected Software1

Cvelist•added 2026/05/27 2:13 p.m.•38 views

CVE-2026-48921

0.00301EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•11 views

PT-2026-44014

Name of the Vulnerable Software and Affected Versions Jenkins Pipeline: Groovy Libraries Plugin versions prior to 797.v90ea a 9b e45a 0 Description The plugin does not prohibit symbolic links in shared libraries. This allows attackers who can control the content of a library used by a Pipeline jo...