Lucene search
K

1091 matches found

NVD
NVD
added 3 days ago8 views

CVE-2026-57954

Elide through 7.1.17 fails to enforce @ReadPermission on client-supplied sort expressions in SortingImpl.getValidSortingRules, allowing attackers to sort collections by forbidden fields. Attackers can infer hidden field values through row ordering analysis, leaking relative field ordering across...

5.3CVSS0.00168EPSS
Exploits0References2
CVE
CVE
added 3 days ago9 views

CVE-2026-57954

Vulnerability summary (CVE-2026-57954) Elide 7.1.17 has a flaw in SortingImpl.getValidSortingRules where @ReadPermission is not enforced on client-supplied sort expressions. This allows attackers to sort collections by forbidden fields and infer hidden field values via row ordering analysis, leak...

5.3CVSS5.8AI score0.00168EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-57954 Elide 7.1.17 - Permission Bypass in Sort Expression Validation

Elide through 7.1.17 fails to enforce @ReadPermission on client-supplied sort expressions in SortingImpl.getValidSortingRules, allowing attackers to sort collections by forbidden fields. Attackers can infer hidden field values through row ordering analysis, leaking relative field ordering across...

5.3CVSS0.00168EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-48935

A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.3CVSS6.4AI score0.00154EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/24 2:17 p.m.9 views

CVE-2026-57299

Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata...

4.3CVSS0.00187EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 2:17 p.m.10 views

CVE-2026-57300

A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access...

4.3CVSS0.00178EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 2:17 p.m.10 views

CVE-2026-57291

Missing permission checks in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

5.4CVSS0.00145EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 2:17 p.m.9 views

CVE-2026-57285

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration...

4.3CVSS0.00216EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 1:20 p.m.7 views

EUVD-2026-38785

A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and password...

5.4CVSS5.8AI score0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.31 views

CVE-2026-57302

Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system...

0.00178EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.5 views

CVE-2026-57299

Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata...

4.3CVSS5.9AI score0.00187EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 1:20 p.m.19 views

CVE-2026-57300

The CVE-2026-57300 entry concerns Jenkins MCP Server Plugin versions 0.177.v629fdb_2557fe and earlier, where a missing permission check allows attackers with Item/Read permission to read Pipeline replay scripts for jobs they can access. The vulnerability stems from inadequate access control on pi...

4.3CVSS5.9AI score0.00178EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/24 1:20 p.m.9 views

CVE-2026-57297

CVE-2026-57297 affects Jenkins via the Contrast Continuous Application Security Plugin (3.11 and earlier). The issue is a missing permission check that lets attackers with Overall/Read access cause a connection to an attacker‑specified URL using attacker‑provided credentials (username, API key, s...

4.3CVSS5.8AI score0.00187EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/24 1:20 p.m.7 views

EUVD-2026-38775

A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a81c3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins...

5.4CVSS5.8AI score0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.32 views

CVE-2026-57291

Missing permission checks in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

0.00145EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 1:20 p.m.9 views

EUVD-2026-38772

Missing permission checks in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

5.4CVSS5.8AI score0.00145EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.6 views

CVE-2026-57285

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration...

4.3CVSS5.9AI score0.00216EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.32 views

CVE-2026-57285

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration...

0.00216EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51809

Name of the Vulnerable Software and Affected Versions Jenkins Contrast Continuous Application Security Plugin versions prior to 3.12 Description Missing permission checks allow users with Overall/Read permission to enumerate the names of configured Contrast metadata. Recommendations Update Jenkin...

4.3CVSS5.8AI score0.00187EPSS
Exploits0References4
Jenkins Security Advisories
Jenkins Security Advisories
added 2026/06/24 12:0 a.m.5 views

CSRF vulnerability and missing permission check in contrast-continuous-application-security

contrast-continuous-application-security 3.11 and earlier does not perform a permission check in an HTTP endpoint that tests the connection to a Contrast TeamServer. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username, AP...

5.4CVSS5.8AI score0.00187EPSS
Exploits0Affected Software1
Rows per page
Query Builder