1087 matches found
CVE-2026-57954
Elide through 7.1.17 fails to enforce @ReadPermission on client-supplied sort expressions in SortingImpl.getValidSortingRules, allowing attackers to sort collections by forbidden fields. Attackers can infer hidden field values through row ordering analysis, leaking relative field ordering across...
CVE-2026-57954
Vulnerability summary (CVE-2026-57954): Elide 7.1.17 has a flaw in SortingImpl.getValidSortingRules where @ReadPermission is not enforced on client-supplied sort expressions. This allows attackers to sort collections by forbidden fields and infer hidden field values via row ordering analysis, leak...
CVE-2026-57299
Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata...
CVE-2026-57300
A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access...
CVE-2026-57291
Missing permission checks in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...
CVE-2026-57285
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration...
EUVD-2026-38785
A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and password...
CVE-2026-57302
Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system...
CVE-2026-57300
The CVE-2026-57300 entry concerns Jenkins MCP Server Plugin versions 0.177.v629fdb_2557fe and earlier, where a missing permission check allows attackers with Item/Read permission to read Pipeline replay scripts for jobs they can access. The vulnerability stems from inadequate access control on pi...
CVE-2026-57297
CVE-2026-57297 affects Jenkins via the Contrast Continuous Application Security Plugin (3.11 and earlier). The issue is a missing permission check that lets attackers with Overall/Read access cause a connection to an attacker-specified URL using attacker-provided credentials (username, API key, s...
EUVD-2026-38775
A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a81c3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins...
EUVD-2026-38772
Missing permission checks in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...
PT-2026-51809
Name of the Vulnerable Software and Affected Versions: Jenkins Contrast Continuous Application Security Plugin versions prior to 3.12. Description: Missing permission checks allow users with Overall/Read permission to enumerate the names of configured Contrast metadata. Recommendations: Update Jenkin...
Missing permission checks in contrast-continuous-application-security allow enumerating Contrast metadata
contrast-continuous-application-security 3.11 and earlier does not perform permission checks in several HTTP endpoints that fill list box options with the names of the configured Contrast metadata. This allows attackers with Overall/Read permission to enumerate the names of configured Contrast...
CSRF vulnerability and missing permission check in contrast-continuous-application-security
contrast-continuous-application-security 3.11 and earlier does not perform a permission check in an HTTP endpoint that tests the connection to a Contrast TeamServer. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username, AP...
CVE-2026-49983
Summary of CVE-2026-49983 details (Deno): Deno’s process.loadEnvFile() incorrectly bypasses env permission checks. It only verifies read permission on the dotenv file and then writes all keys from the file into process.env, even if env access is denied. This means that with --allow-read and a wri...
CVE-2026-56221
CVE-2026-56221: Cap-go before 12.128.2 contains SQL injection flaws in cloudflare.ts. User-controlled values from API request bodies are interpolated directly into SQL strings without sanitization or parameterization. Authenticated users with read-level API key permissions can inject arbitrary S...
Deno: BYONM module resolution allows `package.json` main path traversal to bypass `--allow-read` restrictions
Summary: When Deno was run in BYONM mode (nodeModulesDir: "manual"), the module resolver did not validate that a package's resolved entrypoint stayed within its node_modules// directory. A malicious package.json whose main field contained .. segments was able to resolve to an arbitrary path on disk,...