CVE search

365,134 results
CVE-2026-57294MEDIUMA missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers with Overall/Read permission toEPSS 0.2%CVE-2026-57293MEDIUMAn incorrect permission check in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows attackers with global Item/Configure permissiEPSS 0.2%CVE-2026-57292MEDIUMA cross-site request forgery (CSRF) vulnerability in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows attackers to connect to aEPSS 0.1%CVE-2026-57291MEDIUMMissing permission checks in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allow attackers with Overall/Read permission to connect EPSS 0.1%CVE-2026-57290MEDIUMA cross-site request forgery (CSRF) vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b_84449 and earlier allows attackers to overwEPSS 0.2%CVE-2026-57289MEDIUMJenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for coEPSS 0.1%CVE-2026-42450HIGHOpenColorIO vulnerable to stack buffer overflow via unbounded `sscanf %s` in Spi3D (.spi3d) LUT parserEPSS 0.1%CVE-2026-57288LOWJenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows nativEPSS 0.2%CVE-2026-57287MEDIUMJenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values of secrets when displaying hiEPSS 0.1%CVE-2026-57286MEDIUMA missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca_ and earlier allows attackers with Item/Read permission to obtaEPSS 0.2%CVE-2026-57285MEDIUMA missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read perEPSS 0.2%CVE-2026-57284MEDIUMJenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline SniEPSS 0.3%CVE-2026-57283MEDIUMA cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier allows attackers to instEPSS 0.2%CVE-2026-57282MEDIUMJenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH EPSS 0.2%CVE-2026-57281HIGHJenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions mEPSS 0.6%CVE-2026-57280HIGHJenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed foEPSS 0.4%CVE-2026-13163MEDIUMLack of input validation in Mailerup input parameter leads to Open RedirectEPSS 0.3%CVE-2026-12242HIGHAdRotate Banner Manager <= 5.17.7 - Authenticated (Contributor+) PHP Code Injection via 'banner' Shortcode AttributeEPSS 0.5%CVE-2026-56761MEDIUMhono - HTML Injection via Improper JSX Attribute Name Handling in SSREPSS 0.2%CVE-2026-56370MEDIUMImageMagick - Out-of-bounds Access in ConnectedComponentsImage via connected-components ArtifactEPSS 0.1%