CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

831 matches found

CVE-2026-57307

A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b450b1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.2CVSS0.0014EPSS

Exploits0References1

NVD•added 4 days ago•9 views

CVE-2026-57297

A missing permission check in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username, API key, and service key...

4.3CVSS0.00187EPSS

Exploits0References1

NVD•added 4 days ago•7 views

CVE-2026-57285

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration...

4.3CVSS0.00216EPSS

Exploits0References1

EUVD•added 4 days ago•7 views

EUVD-2026-38788

4.2CVSS5.8AI score0.0014EPSS

Exploits0References1

Cvelist•added 4 days ago•31 views

CVE-2026-57307

0.0014EPSS

Exploits0References1

EUVD•added 4 days ago•6 views

EUVD-2026-38785

A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and password...

5.4CVSS5.8AI score0.00161EPSS

Exploits0References1

CVE•added 4 days ago•5 views

CVE-2026-57299

CVE-2026-57299: Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read to enumerate the names of configured Contrast metadata. Public references (NVD, CVE lists, Alpine, EUVD, Att&CK entries, and the Jenkins security...

4.3CVSS5.9AI score0.00187EPSS

Exploits0References1Affected Software1

EUVD•added 4 days ago•9 views

EUVD-2026-38778

5.8AI score0.00187EPSS

Exploits0References1

CVE•added 4 days ago•8 views

CVE-2026-57297

CVE-2026-57297 affects Jenkins via the Contrast Continuous Application Security Plugin (3.11 and earlier). The issue is a missing permission check that lets attackers with Overall/Read access cause a connection to an attacker‑specified URL using attacker‑provided credentials (username, API key, s...

4.3CVSS5.8AI score0.00187EPSS

Exploits0References1Affected Software1

EUVD•added 4 days ago•7 views

EUVD-2026-38775

A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a81c3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins...

5.4CVSS5.8AI score0.00161EPSS

Exploits0References1

EUVD•added 4 days ago•9 views

EUVD-2026-38772

Missing permission checks in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

5.4CVSS5.8AI score0.00145EPSS

Exploits0References1

Cvelist•added 4 days ago•29 views

CVE-2026-57291

0.00145EPSS

Exploits0References1

Cvelist•added 4 days ago•31 views

CVE-2026-57285

0.00216EPSS

Exploits0References1

CVE•added 4 days ago•12 views

CVE-2026-57285

CVE-2026-57285: A missing permission check in Jenkins GitHub Branch Source Plugin (versions 1967.1969.v205fd594c821 and earlier) allows users with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration. Affected component: Jenkins Git...

4.3CVSS5.9AI score0.00216EPSS

Exploits0References1Affected Software1

EUVD•added 4 days ago•7 views

EUVD-2026-38765

4.3CVSS5.9AI score0.00216EPSS

Exploits0References1

Jenkins Security Advisories•added 4 days ago•5 views

CSRF vulnerability and missing permission check in contrast-continuous-application-security

contrast-continuous-application-security 3.11 and earlier does not perform a permission check in an HTTP endpoint that tests the connection to a Contrast TeamServer. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username, AP...

5.4CVSS5.8AI score0.00187EPSS

Exploits0Affected Software1

Jenkins Security Advisories•added 4 days ago•5 views

Missing permission checks in contrast-continuous-application-security allow enumerating Contrast metadata

contrast-continuous-application-security 3.11 and earlier does not perform permission checks in several HTTP endpoints that fill list box options with the names of the configured Contrast metadata. This allows attackers with Overall/Read permission to enumerate the names of configured Contrast...

4.3CVSS5.8AI score0.00187EPSS

Exploits0Affected Software1

NVD•added 2026/06/10 2:16 p.m.•9 views

CVE-2026-53439

Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/Read permission to determine other users' configured timezone and to enumerate view names of other users' "My Views"...

4.3CVSS0.00234EPSS

Exploits0References1

Vulnrichment•added 2026/06/10 1:6 p.m.•6 views

CVE-2026-53439

5.5AI score0.00234EPSS

Exploits0References1

CVE•added 2026/06/10 1:6 p.m.•22 views

CVE-2026-53439

CVE-2026-53439 : In Jenkins up to 2.567 and earlier, and LTS up to 2.555.2, missing permission checks allow users with Overall/Read to determine other users’ configured timezone and to enumerate other users’ My Views. The CVSS v3.1 base score is 4.3 (Medium; AV N, AC L, PR L, UI N, S U, C L, I N,...

4.3CVSS5.5AI score0.00234EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by