Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20896
Total
1510
Critical
6356
High
6618
Medium
CVE ID Severity Score Description Published
CVE-2026-57299 UNKNOWN Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast … Jun 24, 2026
CVE-2026-57298 MEDIUM 5.4 A cross-site request forgery (CSRF) vulnerability in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers to have Jenkins connect to an attacker-specified … Jun 24, 2026
CVE-2026-57297 UNKNOWN A missing permission check in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL … Jun 24, 2026
CVE-2026-57296 HIGH 8.8 Jenkins External Workspace Manager Plugin 1.3.2 and earlier does not reject path traversal sequences in the custom workspace path provided to the exwsAllocate Pipeline step, … Jun 24, 2026
CVE-2026-57295 MEDIUM 5.4 A cross-site request forgery (CSRF) vulnerability in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials … Jun 24, 2026
CVE-2026-57294 MEDIUM 5.4 A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified … Jun 24, 2026
CVE-2026-57293 MEDIUM 4.3 An incorrect permission check in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) … Jun 24, 2026
CVE-2026-57292 MEDIUM 5.4 A cross-site request forgery (CSRF) vulnerability in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs … Jun 24, 2026
CVE-2026-57291 MEDIUM 5.4 Missing permission checks in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs … Jun 24, 2026
CVE-2026-57290 MEDIUM 4.3 A cross-site request forgery (CSRF) vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b_84449 and earlier allows attackers to overwrite the global job priority configuration. Jun 24, 2026
CVE-2026-57289 MEDIUM 4.8 Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to … Jun 24, 2026
CVE-2026-57288 LOW 3.7 Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native (ADSI) authentication … Jun 24, 2026
CVE-2026-57287 MEDIUM 4.3 Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers … Jun 24, 2026
CVE-2026-57286 MEDIUM 4.3 A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca_ and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used … Jun 24, 2026
CVE-2026-57285 MEDIUM 4.3 A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise … Jun 24, 2026
CVE-2026-57284 MEDIUM 4.3 Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate … Jun 24, 2026
CVE-2026-57283 MEDIUM 4.3 A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier allows attackers to instantiate types related to job or system configuration … Jun 24, 2026
CVE-2026-57282 MEDIUM 5.0 Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, … Jun 24, 2026
CVE-2026-57281 HIGH 7.5 Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy … Jun 24, 2026
CVE-2026-57280 HIGH 8.8 Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy … Jun 24, 2026
CVE-2026-42450 UNKNOWN OpenColorIO is a color management framework for visual effects and animation. Prior to version 2.5.2, `FileFormatSpi3D.cpp:163` uses `sscanf` with `%s` into 64-byte stack buffers when … Jun 24, 2026
CVE-2026-35025 HIGH 8.1 ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows authenticated FTP users to circumvent Directory ACL restrictions by prefixing paths with … Jun 24, 2026
CVE-2026-29034 UNKNOWN Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Jun 24, 2026
CVE-2026-12537 UNKNOWN Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI (versions prior to 0.39.1) and run-gemini-cli GitHub Action (versions prior … Jun 24, 2026
CVE-2026-56761 MEDIUM 4.3 hono before 4.12.14 contains an html injection vulnerability in jsx server-side rendering that allows attackers to inject unintended html by using malformed attribute names. Attackers … Jun 24, 2026