Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20896
Total
1510
Critical
6356
High
6618
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-57299 | UNKNOWN | — | Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast … | Jun 24, 2026 |
| CVE-2026-57298 | MEDIUM | 5.4 | A cross-site request forgery (CSRF) vulnerability in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers to have Jenkins connect to an attacker-specified … | Jun 24, 2026 |
| CVE-2026-57297 | UNKNOWN | — | A missing permission check in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL … | Jun 24, 2026 |
| CVE-2026-57296 | HIGH | 8.8 | Jenkins External Workspace Manager Plugin 1.3.2 and earlier does not reject path traversal sequences in the custom workspace path provided to the exwsAllocate Pipeline step, … | Jun 24, 2026 |
| CVE-2026-57295 | MEDIUM | 5.4 | A cross-site request forgery (CSRF) vulnerability in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials … | Jun 24, 2026 |
| CVE-2026-57294 | MEDIUM | 5.4 | A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified … | Jun 24, 2026 |
| CVE-2026-57293 | MEDIUM | 4.3 | An incorrect permission check in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) … | Jun 24, 2026 |
| CVE-2026-57292 | MEDIUM | 5.4 | A cross-site request forgery (CSRF) vulnerability in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs … | Jun 24, 2026 |
| CVE-2026-57291 | MEDIUM | 5.4 | Missing permission checks in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs … | Jun 24, 2026 |
| CVE-2026-57290 | MEDIUM | 4.3 | A cross-site request forgery (CSRF) vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b_84449 and earlier allows attackers to overwrite the global job priority configuration. | Jun 24, 2026 |
| CVE-2026-57289 | MEDIUM | 4.8 | Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to … | Jun 24, 2026 |
| CVE-2026-57288 | LOW | 3.7 | Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native (ADSI) authentication … | Jun 24, 2026 |
| CVE-2026-57287 | MEDIUM | 4.3 | Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers … | Jun 24, 2026 |
| CVE-2026-57286 | MEDIUM | 4.3 | A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca_ and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used … | Jun 24, 2026 |
| CVE-2026-57285 | MEDIUM | 4.3 | A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise … | Jun 24, 2026 |
| CVE-2026-57284 | MEDIUM | 4.3 | Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate … | Jun 24, 2026 |
| CVE-2026-57283 | MEDIUM | 4.3 | A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier allows attackers to instantiate types related to job or system configuration … | Jun 24, 2026 |
| CVE-2026-57282 | MEDIUM | 5.0 | Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, … | Jun 24, 2026 |
| CVE-2026-57281 | HIGH | 7.5 | Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy … | Jun 24, 2026 |
| CVE-2026-57280 | HIGH | 8.8 | Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy … | Jun 24, 2026 |
| CVE-2026-42450 | UNKNOWN | — | OpenColorIO is a color management framework for visual effects and animation. Prior to version 2.5.2, `FileFormatSpi3D.cpp:163` uses `sscanf` with `%s` into 64-byte stack buffers when … | Jun 24, 2026 |
| CVE-2026-35025 | HIGH | 8.1 | ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows authenticated FTP users to circumvent Directory ACL restrictions by prefixing paths with … | Jun 24, 2026 |
| CVE-2026-29034 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Jun 24, 2026 |
| CVE-2026-12537 | UNKNOWN | — | Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI (versions prior to 0.39.1) and run-gemini-cli GitHub Action (versions prior … | Jun 24, 2026 |
| CVE-2026-56761 | MEDIUM | 4.3 | hono before 4.12.14 contains an html injection vulnerability in jsx server-side rendering that allows attackers to inject unintended html by using malformed attribute names. Attackers … | Jun 24, 2026 |