CVE search
364,804 resultsCVE-2026-57304MEDIUMA missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attackeEPSS 0.2%CVE-2026-57303HIGHJenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers aEPSS 0.2%CVE-2026-57302MEDIUMJenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be vEPSS 0.2%CVE-2026-57301HIGHJenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attaEPSS 0.4%CVE-2026-57300MEDIUMA missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb_2557fe and earlier allows attackers with Item/Read permission to read EPSS 0.2%CVE-2026-57299MEDIUMMissing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permEPSS 0.2%CVE-2026-57298MEDIUMA cross-site request forgery (CSRF) vulnerability in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackeEPSS 0.1%CVE-2026-57297MEDIUMA missing permission check in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers with Overall/Read peEPSS 0.2%CVE-2026-57296HIGHJenkins External Workspace Manager Plugin 1.3.2 and earlier does not reject path traversal sequences in the custom workspace path provided tEPSS 0.6%CVE-2026-57295MEDIUMA cross-site request forgery (CSRF) vulnerability in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers to conneEPSS 0.1%CVE-2026-57294MEDIUMA missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers with Overall/Read permission toEPSS 0.2%CVE-2026-57293MEDIUMAn incorrect permission check in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows attackers with global Item/Configure permissiEPSS 0.2%CVE-2026-57292MEDIUMA cross-site request forgery (CSRF) vulnerability in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows attackers to connect to aEPSS 0.1%CVE-2026-57291MEDIUMMissing permission checks in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allow attackers with Overall/Read permission to connect EPSS 0.1%CVE-2026-57290MEDIUMA cross-site request forgery (CSRF) vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b_84449 and earlier allows attackers to overwEPSS 0.2%CVE-2026-57289MEDIUMJenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for coEPSS 0.1%CVE-2026-42450HIGHOpenColorIO vulnerable to stack buffer overflow via unbounded `sscanf %s` in Spi3D (.spi3d) LUT parserEPSS 0.1%CVE-2026-57288LOWJenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows nativEPSS 0.2%CVE-2026-57287MEDIUMJenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values of secrets when displaying hiEPSS 0.1%CVE-2026-57286MEDIUMA missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca_ and earlier allows attackers with Item/Read permission to obtaEPSS 0.2%