Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: devops Clear
ID Title
CVE-2026-57303 SSRF (Server-Side Request Forgery) in jenkins (CVE-2026-57303)
SSRF in jenkins (CVE-2026-57303). Confidential information can be exposed externally.
CVE-2026-57301 Vulnerability in jenkins (CVE-2026-57301)
vulnerability in jenkins (CVE-2026-57301). Successful exploitation can lead to full system takeover.
CVE-2026-57281 Vulnerability in jenkins (CVE-2026-57281)
vulnerability in jenkins (CVE-2026-57281). Successful exploitation can lead to full system takeover.
CVE-2026-57280 Vulnerability in jenkins (CVE-2026-57280)
vulnerability in jenkins (CVE-2026-57280). Successful exploitation can lead to full system takeover.
CVE-2026-42127 Vulnerability in dos (CVE-2026-42127)
vulnerability in dos (CVE-2026-42127). Risk of unauthorized operations or information disclosure.
CVE-2026-9029 The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug....
The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug....
CVE-2026-42129 The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An...
The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An...
CVE-2026-11769 Path Traversal in github.com/grafana/grafana-operator (CVE-2026-11769)
path traversal in github.com/grafana/grafana-operator (CVE-2026-11769). Successful exploitation can lead to full system takeover. Exploitable via ``Dashboard``. Mitigation: upgrade to `5.24.0` or later.
CVE-2026-53435 Unsafe Deserialization in jenkins (CVE-2026-53435)
vulnerability in jenkins (CVE-2026-53435). Successful exploitation can lead to full system takeover. Exploitable via ``config.xml``. Mitigation: upgrade to `2.555.3, 2.568.0` or later.
CVE-2026-48922 Path Traversal in org.jenkins-ci.plugins:credentials-binding (CVE-2026-48922)
path traversal in org.jenkins-ci.plugins:credentials-binding (CVE-2026-48922). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `725.ve52b` or later.
CVE-2026-48920 Vulnerability in org.jenkins-ci.plugins:email-ext (CVE-2026-48920)
vulnerability in org.jenkins-ci.plugins:email-ext (CVE-2026-48920). Successful exploitation can lead to full system takeover. Exploitable via ``base64``. Mitigation: upgrade to `1933.1935.v276319e3cc47` or later.
CVE-2026-48921 Vulnerability in io.jenkins.plugins:pipeline-groovy-lib (CVE-2026-48921)
vulnerability in io.jenkins.plugins:pipeline-groovy-lib (CVE-2026-48921). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `798.v5cc688825312` or later.
CVE-2026-5843 Vulnerability in docker (CVE-2026-5843)
vulnerability in docker (CVE-2026-5843). Successful exploitation can lead to full system takeover.
CVE-2026-5817 Vulnerability in docker (CVE-2026-5817)
vulnerability in docker (CVE-2026-5817). Successful exploitation can lead to full system takeover.
CVE-2026-6406 Authorization Flaw in docker (CVE-2026-6406)
vulnerability in docker (CVE-2026-6406). Successful exploitation can lead to full system takeover.
CVE-2026-42306 Vulnerability in github.com/docker/docker (CVE-2026-42306)
vulnerability in github.com/docker/docker (CVE-2026-42306). Data can be tampered with by attackers. Exploitable via `PUT /containers/{id}/archive`. Mitigation: upgrade to `2.0.0-beta.14` or later.
CVE-2026-33376 Vulnerability in grafana (CVE-2026-33376)
vulnerability in grafana (CVE-2026-33376). Confidential information can be exposed externally. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
CVE-2026-33377 Vulnerability in grafana (CVE-2026-33377)
vulnerability in grafana (CVE-2026-33377). Data can be tampered with by attackers. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
CVE-2026-42154 Vulnerability in github.com/prometheus/prometheus (CVE-2026-42154)
vulnerability in github.com/prometheus/prometheus (CVE-2026-42154). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.11.3` or later.
CVE-2026-42151 Information Disclosure in github.com/prometheus/prometheus (CVE-2026-42151)
vulnerability in github.com/prometheus/prometheus (CVE-2026-42151). Confidential information can be exposed externally. Exploitable via ``client_secret``. Mitigation: upgrade to `0.311.3` or later.
CVE-2026-21728 Vulnerability in grafana (CVE-2026-21728)
vulnerability in grafana (CVE-2026-21728). Risk of unauthorized operations or information disclosure.
CVE-2026-5807 Vulnerability in hashicorp (CVE-2026-5807)
vulnerability in hashicorp (CVE-2026-5807). Risk of unauthorized operations or information disclosure.
CVE-2026-4525 Vulnerability in hashicorp (CVE-2026-4525)
vulnerability in hashicorp (CVE-2026-4525). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.0.0` or later.
CVE-2026-3605 Vulnerability in hashicorp (CVE-2026-3605)
vulnerability in hashicorp (CVE-2026-3605). Data can be tampered with by attackers.
CVE-2026-40316 OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflo...
OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. The workflow uses the pull_request_target trigger to run with...
CVE-2026-35205 Vulnerability in helm (CVE-2026-35205)
vulnerability in helm (CVE-2026-35205). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.1.4` or later.
CVE-2026-35204 Path Traversal in helm (CVE-2026-35204)
path traversal in helm (CVE-2026-35204). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.1.4` or later.
CVE-2026-34040 Vulnerability in github.com/moby/moby (CVE-2026-34040)
vulnerability in github.com/moby/moby (CVE-2026-34040). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `29.3.1` or later.
CVE-2026-27880 Out-of-Bounds Write in grafana (CVE-2026-27880)
out-of-bounds write in grafana (CVE-2026-27880). Risk of unauthorized operations or information disclosure.
CVE-2026-33634 KEV [KEV] Vulnerability in Aquasecurity trivy (CVE-2026-33634)
vulnerability in Aquasecurity trivy (CVE-2026-33634). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-4342 Vulnerability in nginx (CVE-2026-4342)
vulnerability in nginx (CVE-2026-4342). Successful exploitation can lead to full system takeover.
CVE-2026-33001 Vulnerability in org.jenkins-ci.main:jenkins-core (CVE-2026-33001)
vulnerability in org.jenkins-ci.main:jenkins-core (CVE-2026-33001). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.555` or later.
CVE-2025-15558 Vulnerability in c (CVE-2025-15558)
vulnerability in c (CVE-2025-15558). Successful exploitation can lead to full system takeover.
CVE-2026-21721 Authorization Flaw in privilege-escalation (CVE-2026-21721)
vulnerability in privilege-escalation (CVE-2026-21721). Confidential information can be exposed externally.
CVE-2026-21720 Vulnerability in grafana (CVE-2026-21720)
vulnerability in grafana (CVE-2026-21720). Risk of unauthorized operations or information disclosure.
CVE-2021-43798 KEV [KEV] Path Traversal in Grafana labs grafana-labs (CVE-2021-43798)
path traversal in Grafana labs grafana-labs (CVE-2021-43798). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2017-1000353 KEV [KEV] Vulnerability in jenkins (CVE-2017-1000353)
vulnerability in jenkins (CVE-2017-1000353). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2024-23897 KEV [KEV] Vulnerability in jenkins (CVE-2024-23897)
vulnerability in jenkins (CVE-2024-23897). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2023-44487 KEV [KEV] Vulnerability in Ietf golang.org/x/net (CVE-2023-44487)
vulnerability in Ietf golang.org/x/net (CVE-2023-44487). Risk of unauthorized operations or information disclosure. Exploitable via ``Channel``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `0.17.0` or later.
CVE-2015-5317 KEV [KEV] Information Disclosure in jenkins (CVE-2015-5317)
vulnerability in jenkins (CVE-2015-5317). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2023-26735 SSRF (Server-Side Request Forgery) in prometheus (CVE-2023-26735)
SSRF in prometheus (CVE-2023-26735). Confidential information can be exposed externally.
CVE-2021-39226 KEV [KEV] Authentication Bypass in Grafana labs grafana-labs (CVE-2021-39226)
authentication bypass in Grafana labs grafana-labs (CVE-2021-39226). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-1003029 KEV [KEV] Vulnerability in Jenkins script-security-plugin (CVE-2019-1003029)
vulnerability in Jenkins script-security-plugin (CVE-2019-1003029). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-1003030 KEV [KEV] Vulnerability in Jenkins matrix-project-plugin (CVE-2019-1003030)
vulnerability in Jenkins matrix-project-plugin (CVE-2019-1003030). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2018-1000861 KEV [KEV] Unsafe Deserialization in jenkins (CVE-2018-1000861)
vulnerability in jenkins (CVE-2018-1000861). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-15752 KEV [KEV] Vulnerability in Docker desktop-community-edition (CVE-2019-15752)
vulnerability in Docker desktop-community-edition (CVE-2019-15752). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2017-1000244 Cross-Site Request Forgery (CSRF) in csrf (CVE-2017-1000244)
vulnerability in csrf (CVE-2017-1000244). Successful exploitation can lead to full system takeover.
CVE-2016-5714 Vulnerability in puppet (CVE-2016-5714)
vulnerability in puppet (CVE-2016-5714). Successful exploitation can lead to full system takeover.
CVE-2014-0047 Vulnerability in docker (CVE-2014-0047)
vulnerability in docker (CVE-2014-0047). Successful exploitation can lead to full system takeover.
CVE-2017-1000108 Information Disclosure in jenkins (CVE-2017-1000108)
vulnerability in jenkins (CVE-2017-1000108). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →