Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-57307 |
|
Vulnerability in jenkins (CVE-2026-57307)
vulnerability in jenkins (CVE-2026-57307). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57306 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-57306)
vulnerability in csrf (CVE-2026-57306). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57305 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-57305)
vulnerability in csrf (CVE-2026-57305). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57304 |
|
Vulnerability in jenkins (CVE-2026-57304)
vulnerability in jenkins (CVE-2026-57304). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57303 |
|
SSRF (Server-Side Request Forgery) in jenkins (CVE-2026-57303)
SSRF in jenkins (CVE-2026-57303). Confidential information can be exposed externally.
|
| CVE-2026-57302 |
|
Vulnerability in jenkins (CVE-2026-57302)
vulnerability in jenkins (CVE-2026-57302). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57301 |
|
Vulnerability in jenkins (CVE-2026-57301)
vulnerability in jenkins (CVE-2026-57301). Successful exploitation can lead to full system takeover.
|
| CVE-2026-57300 |
|
Vulnerability in jenkins (CVE-2026-57300)
vulnerability in jenkins (CVE-2026-57300). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57299 |
|
Vulnerability in jenkins (CVE-2026-57299)
vulnerability in jenkins (CVE-2026-57299). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57288 |
|
Vulnerability in jenkins (CVE-2026-57288)
vulnerability in jenkins (CVE-2026-57288). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57289 |
|
Vulnerability in jenkins (CVE-2026-57289)
vulnerability in jenkins (CVE-2026-57289). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57290 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-57290)
vulnerability in csrf (CVE-2026-57290). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57294 |
|
Vulnerability in jenkins (CVE-2026-57294)
vulnerability in jenkins (CVE-2026-57294). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57295 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-57295)
vulnerability in csrf (CVE-2026-57295). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57297 |
|
Vulnerability in jenkins (CVE-2026-57297)
vulnerability in jenkins (CVE-2026-57297). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57282 |
|
OS Command Injection in jenkins (CVE-2026-57282)
OS command injection in jenkins (CVE-2026-57282). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57285 |
|
Vulnerability in jenkins (CVE-2026-57285)
vulnerability in jenkins (CVE-2026-57285). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57284 |
|
Vulnerability in jenkins (CVE-2026-57284)
vulnerability in jenkins (CVE-2026-57284). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57283 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-57283)
vulnerability in csrf (CVE-2026-57283). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57286 |
|
Vulnerability in jenkins (CVE-2026-57286)
vulnerability in jenkins (CVE-2026-57286). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57287 |
|
Vulnerability in jenkins (CVE-2026-57287)
vulnerability in jenkins (CVE-2026-57287). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57281 |
|
Vulnerability in jenkins (CVE-2026-57281)
vulnerability in jenkins (CVE-2026-57281). Successful exploitation can lead to full system takeover.
|
| CVE-2026-57280 |
|
Vulnerability in jenkins (CVE-2026-57280)
vulnerability in jenkins (CVE-2026-57280). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53442 |
|
Vulnerability in jenkins (CVE-2026-53442)
vulnerability in jenkins (CVE-2026-53442). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.555.3, 2.568.0` or later.
|
| CVE-2026-53441 |
|
Cross-Site Scripting (XSS) in org.jenkins-ci.main:jenkins-core (CVE-2026-53441)
cross-site scripting in org.jenkins-ci.main:jenkins-core (CVE-2026-53441). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.568` or later.
|
| CVE-2026-53436 |
|
Open Redirect in jenkins (CVE-2026-53436)
vulnerability in jenkins (CVE-2026-53436). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.555.3, 2.568.0` or later.
|
| CVE-2026-53438 |
|
Vulnerability in jenkins (CVE-2026-53438)
vulnerability in jenkins (CVE-2026-53438). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.555.3, 2.568.0` or later.
|
| CVE-2026-53437 |
|
Open Redirect in jenkins (CVE-2026-53437)
vulnerability in jenkins (CVE-2026-53437). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.555.3, 2.568.0` or later.
|
| CVE-2026-53439 |
|
Vulnerability in jenkins (CVE-2026-53439)
vulnerability in jenkins (CVE-2026-53439). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.555.3, 2.568.0` or later.
|
| CVE-2026-53440 |
|
Open Redirect in jenkins (CVE-2026-53440)
vulnerability in jenkins (CVE-2026-53440). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.555.3, 2.568.0` or later.
|
| CVE-2026-53435 |
|
Unsafe Deserialization in jenkins (CVE-2026-53435)
vulnerability in jenkins (CVE-2026-53435). Successful exploitation can lead to full system takeover. Exploitable via ``config.xml``. Mitigation: upgrade to `2.555.3, 2.568.0` or later.
|
| CVE-2026-9674 |
|
Cross-Site Request Forgery (CSRF) in org.jenkins-ci.plugins:jenkins-multijob-plugin (CVE-2026-9674)
vulnerability in org.jenkins-ci.plugins:jenkins-multijob-plugin (CVE-2026-9674). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `669.v9d96a` or later.
|
| CVE-2026-48926 |
|
Privilege Escalation in org.jenkins-ci.plugins:job-import-plugin (CVE-2026-48926)
vulnerability in org.jenkins-ci.plugins:job-import-plugin (CVE-2026-48926). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `143.145.v48f9a` or later.
|
| CVE-2026-48927 |
|
Cross-Site Scripting (XSS) in org.jenkins-ci.plugins:buildgraph-view (CVE-2026-48927)
cross-site scripting in org.jenkins-ci.plugins:buildgraph-view (CVE-2026-48927). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48924 |
|
Open Redirect in org.jenkins-ci.plugins:bitbucket-oauth (CVE-2026-48924)
vulnerability in org.jenkins-ci.plugins:bitbucket-oauth (CVE-2026-48924). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.18` or later.
|
| CVE-2026-48919 |
|
Unsafe Deserialization in org.jenkins-ci.plugins:active-directory (CVE-2026-48919)
vulnerability in org.jenkins-ci.plugins:active-directory (CVE-2026-48919). Successful exploitation can lead to full system takeover. Exploitable via ``true``. Mitigation: upgrade to `2.41.1` or later.
|
| CVE-2026-48916 |
|
SSRF (Server-Side Request Forgery) in org.jenkins-ci.plugins:ldap (CVE-2026-48916)
SSRF in org.jenkins-ci.plugins:ldap (CVE-2026-48916). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `807.809.vd3a` or later.
|
| CVE-2026-48920 |
|
Vulnerability in org.jenkins-ci.plugins:email-ext (CVE-2026-48920)
vulnerability in org.jenkins-ci.plugins:email-ext (CVE-2026-48920). Successful exploitation can lead to full system takeover. Exploitable via ``base64``. Mitigation: upgrade to `1933.1935.v276319e3cc47` or later.
|
| CVE-2026-48918 |
|
SSRF (Server-Side Request Forgery) in org.jenkins-ci.plugins:active-directory (CVE-2026-48918)
SSRF in org.jenkins-ci.plugins:active-directory (CVE-2026-48918). Successful exploitation can lead to full system takeover. Exploitable via ``true``. Mitigation: upgrade to `2.41.1` or later.
|
| CVE-2026-48917 |
|
Unsafe Deserialization in org.jenkins-ci.plugins:ldap (CVE-2026-48917)
vulnerability in org.jenkins-ci.plugins:ldap (CVE-2026-48917). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `807.809.vd3a` or later.
|
| CVE-2026-48921 |
|
Vulnerability in io.jenkins.plugins:pipeline-groovy-lib (CVE-2026-48921)
vulnerability in io.jenkins.plugins:pipeline-groovy-lib (CVE-2026-48921). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `798.v5cc688825312` or later.
|
| CVE-2026-48922 |
|
Path Traversal in org.jenkins-ci.plugins:credentials-binding (CVE-2026-48922)
path traversal in org.jenkins-ci.plugins:credentials-binding (CVE-2026-48922). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `725.ve52b` or later.
|
| CVE-2026-48923 |
|
Privilege Escalation in com.rapid7:jenkinsci-appspider-plugin (CVE-2026-48923)
vulnerability in com.rapid7:jenkinsci-appspider-plugin (CVE-2026-48923). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.18` or later.
|
| CVE-2026-33001 |
|
Vulnerability in org.jenkins-ci.main:jenkins-core (CVE-2026-33001)
vulnerability in org.jenkins-ci.main:jenkins-core (CVE-2026-33001). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.555` or later.
|
| CVE-2017-1000353 KEV |
|
[KEV] Vulnerability in jenkins (CVE-2017-1000353)
vulnerability in jenkins (CVE-2017-1000353). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-23897 KEV |
|
[KEV] Vulnerability in jenkins (CVE-2024-23897)
vulnerability in jenkins (CVE-2024-23897). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-44487 KEV |
|
[KEV] Vulnerability in Ietf golang.org/x/net (CVE-2023-44487)
vulnerability in Ietf golang.org/x/net (CVE-2023-44487). Risk of unauthorized operations or information disclosure. Exploitable via ``Channel``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `0.17.0` or later.
|
| CVE-2015-5317 KEV |
|
[KEV] Information Disclosure in jenkins (CVE-2015-5317)
vulnerability in jenkins (CVE-2015-5317). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-1003029 KEV |
|
[KEV] Vulnerability in Jenkins script-security-plugin (CVE-2019-1003029)
vulnerability in Jenkins script-security-plugin (CVE-2019-1003029). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-1003030 KEV |
|
[KEV] Vulnerability in Jenkins matrix-project-plugin (CVE-2019-1003030)
vulnerability in Jenkins matrix-project-plugin (CVE-2019-1003030). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|