Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21003
Total
1519
Critical
6392
High
6662
Medium
CVE ID Severity Score Description Published
CVE-2026-57306 MEDIUM 4.2 A cross-site request forgery (CSRF) vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials … Jun 24, 2026
CVE-2026-57305 MEDIUM 5.4 A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified username … Jun 24, 2026
CVE-2026-57304 MEDIUM 5.4 A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified … Jun 24, 2026
CVE-2026-57303 HIGH 7.1 Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers able to control the … Jun 24, 2026
CVE-2026-57302 MEDIUM 4.3 Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with … Jun 24, 2026
CVE-2026-57301 HIGH 8.8 Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to … Jun 24, 2026
CVE-2026-57300 MEDIUM 4.3 A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb_2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs … Jun 24, 2026
CVE-2026-57299 UNKNOWN Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast … Jun 24, 2026
CVE-2026-57298 MEDIUM 5.4 A cross-site request forgery (CSRF) vulnerability in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers to have Jenkins connect to an attacker-specified … Jun 24, 2026
CVE-2026-57297 UNKNOWN A missing permission check in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL … Jun 24, 2026
CVE-2026-57296 HIGH 8.8 Jenkins External Workspace Manager Plugin 1.3.2 and earlier does not reject path traversal sequences in the custom workspace path provided to the exwsAllocate Pipeline step, … Jun 24, 2026
CVE-2026-57295 MEDIUM 5.4 A cross-site request forgery (CSRF) vulnerability in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials … Jun 24, 2026
CVE-2026-57294 MEDIUM 5.4 A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified … Jun 24, 2026
CVE-2026-57293 MEDIUM 4.3 An incorrect permission check in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) … Jun 24, 2026
CVE-2026-57292 MEDIUM 5.4 A cross-site request forgery (CSRF) vulnerability in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs … Jun 24, 2026
CVE-2026-57291 MEDIUM 5.4 Missing permission checks in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs … Jun 24, 2026
CVE-2026-57290 MEDIUM 4.3 A cross-site request forgery (CSRF) vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b_84449 and earlier allows attackers to overwrite the global job priority configuration. Jun 24, 2026
CVE-2026-57289 MEDIUM 4.8 Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to … Jun 24, 2026
CVE-2026-57288 LOW 3.7 Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native (ADSI) authentication … Jun 24, 2026
CVE-2026-57287 MEDIUM 4.3 Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers … Jun 24, 2026
CVE-2026-57286 MEDIUM 4.3 A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca_ and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used … Jun 24, 2026
CVE-2026-57285 MEDIUM 4.3 A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise … Jun 24, 2026
CVE-2026-57284 MEDIUM 4.3 Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate … Jun 24, 2026
CVE-2026-57283 MEDIUM 4.3 A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier allows attackers to instantiate types related to job or system configuration … Jun 24, 2026
CVE-2026-57282 MEDIUM 5.0 Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, … Jun 24, 2026