Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-38930 |
|
SQL Injection in CVE-2026-38930 (CVE-2026-38930)
SQL injection in CVE-2026-38930 (CVE-2026-38930). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2340 |
|
Vulnerability in redhat (CVE-2026-2340)
vulnerability in redhat (CVE-2026-2340). Data can be tampered with by attackers.
|
| CVE-2026-1933 |
|
Vulnerability in redhat (CVE-2026-1933)
vulnerability in redhat (CVE-2026-1933). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9674 |
|
Cross-Site Request Forgery (CSRF) in org.jenkins-ci.plugins:jenkins-multijob-plugin (CVE-2026-9674)
vulnerability in org.jenkins-ci.plugins:jenkins-multijob-plugin (CVE-2026-9674). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `669.v9d96a` or later.
|
| CVE-2026-48924 |
|
Open Redirect in org.jenkins-ci.plugins:bitbucket-oauth (CVE-2026-48924)
vulnerability in org.jenkins-ci.plugins:bitbucket-oauth (CVE-2026-48924). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.18` or later.
|
| CVE-2026-48926 |
|
Privilege Escalation in org.jenkins-ci.plugins:job-import-plugin (CVE-2026-48926)
vulnerability in org.jenkins-ci.plugins:job-import-plugin (CVE-2026-48926). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `143.145.v48f9a` or later.
|
| CVE-2026-48927 |
|
Cross-Site Scripting (XSS) in org.jenkins-ci.plugins:buildgraph-view (CVE-2026-48927)
cross-site scripting in org.jenkins-ci.plugins:buildgraph-view (CVE-2026-48927). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48916 |
|
SSRF (Server-Side Request Forgery) in org.jenkins-ci.plugins:ldap (CVE-2026-48916)
SSRF in org.jenkins-ci.plugins:ldap (CVE-2026-48916). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `807.809.vd3a` or later.
|
| CVE-2026-48917 |
|
Unsafe Deserialization in org.jenkins-ci.plugins:ldap (CVE-2026-48917)
vulnerability in org.jenkins-ci.plugins:ldap (CVE-2026-48917). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `807.809.vd3a` or later.
|
| CVE-2026-48918 |
|
SSRF (Server-Side Request Forgery) in org.jenkins-ci.plugins:active-directory (CVE-2026-48918)
SSRF in org.jenkins-ci.plugins:active-directory (CVE-2026-48918). Successful exploitation can lead to full system takeover. Exploitable via ``true``. Mitigation: upgrade to `2.41.1` or later.
|
| CVE-2026-48919 |
|
Unsafe Deserialization in org.jenkins-ci.plugins:active-directory (CVE-2026-48919)
vulnerability in org.jenkins-ci.plugins:active-directory (CVE-2026-48919). Successful exploitation can lead to full system takeover. Exploitable via ``true``. Mitigation: upgrade to `2.41.1` or later.
|
| CVE-2026-48920 |
|
Vulnerability in org.jenkins-ci.plugins:email-ext (CVE-2026-48920)
vulnerability in org.jenkins-ci.plugins:email-ext (CVE-2026-48920). Successful exploitation can lead to full system takeover. Exploitable via ``base64``. Mitigation: upgrade to `1933.1935.v276319e3cc47` or later.
|
| CVE-2026-48921 |
|
Vulnerability in io.jenkins.plugins:pipeline-groovy-lib (CVE-2026-48921)
vulnerability in io.jenkins.plugins:pipeline-groovy-lib (CVE-2026-48921). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `798.v5cc688825312` or later.
|
| CVE-2026-48922 |
|
Path Traversal in org.jenkins-ci.plugins:credentials-binding (CVE-2026-48922)
path traversal in org.jenkins-ci.plugins:credentials-binding (CVE-2026-48922). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `725.ve52b` or later.
|
| CVE-2026-48923 |
|
Privilege Escalation in com.rapid7:jenkinsci-appspider-plugin (CVE-2026-48923)
vulnerability in com.rapid7:jenkinsci-appspider-plugin (CVE-2026-48923). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.18` or later.
|
| CVE-2026-37713 |
|
Code Injection in CVE-2026-37713 (CVE-2026-37713)
code injection in CVE-2026-37713 (CVE-2026-37713). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-37711 |
|
Code Injection in CVE-2026-37711 (CVE-2026-37711)
code injection in CVE-2026-37711 (CVE-2026-37711). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-37712 |
|
Code Injection in CVE-2026-37712 (CVE-2026-37712)
code injection in CVE-2026-37712 (CVE-2026-37712). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-30498 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-30498)
vulnerability in csrf (CVE-2026-30498). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7524 |
|
Path Traversal in langflow (CVE-2026-7524)
path traversal in langflow (CVE-2026-7524). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7528 |
|
Vulnerability in dos (CVE-2026-7528)
vulnerability in dos (CVE-2026-7528). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6051 |
|
Vulnerability in dos (CVE-2026-6051)
vulnerability in dos (CVE-2026-6051). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6052 |
|
Vulnerability in ibm (CVE-2026-6052)
vulnerability in ibm (CVE-2026-6052). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6053 |
|
Vulnerability in dos (CVE-2026-6053)
vulnerability in dos (CVE-2026-6053). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48972 |
|
Vulnerability in CVE-2026-48972 (CVE-2026-48972)
vulnerability in CVE-2026-48972 (CVE-2026-48972). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46052 |
|
Vulnerability in c (CVE-2026-46052)
vulnerability in c (CVE-2026-46052). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42791 |
|
Vulnerability in erlang (CVE-2026-42791)
vulnerability in erlang (CVE-2026-42791). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42789 |
|
Vulnerability in erlang (CVE-2026-42789)
vulnerability in erlang (CVE-2026-42789). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42762 |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
|
| CVE-2026-42746 |
|
Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for...
Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for...
|
| CVE-2026-42745 |
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online...
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online...
|
| CVE-2026-42737 |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
|
| CVE-2026-42735 |
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare...
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare...
|
| CVE-2026-42730 |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
|
| CVE-2026-3012 |
|
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate...
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate...
|
| CVE-2026-40833 |
|
SQL Injection in sqli (CVE-2026-40833)
SQL injection in sqli (CVE-2026-40833). Confidential information can be exposed externally.
|
| CVE-2026-40834 |
|
SQL Injection in sqli (CVE-2026-40834)
SQL injection in sqli (CVE-2026-40834). Confidential information can be exposed externally.
|
| CVE-2026-40830 |
|
SQL Injection in sqli (CVE-2026-40830)
SQL injection in sqli (CVE-2026-40830). Confidential information can be exposed externally.
|
| CVE-2026-40829 |
|
SQL Injection in sqli (CVE-2026-40829)
SQL injection in sqli (CVE-2026-40829). Confidential information can be exposed externally.
|
| CVE-2026-40816 |
|
SQL Injection in sqli (CVE-2026-40816)
SQL injection in sqli (CVE-2026-40816). Confidential information can be exposed externally.
|
| CVE-2026-40814 |
|
SQL Injection in sqli (CVE-2026-40814)
SQL injection in sqli (CVE-2026-40814). Confidential information can be exposed externally.
|
| CVE-2026-8832 |
|
Code Injection in wordpress (CVE-2026-8832)
code injection in wordpress (CVE-2026-8832). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6169 |
|
Code Injection in wordpress (CVE-2026-6169)
code injection in wordpress (CVE-2026-6169). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3001 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-3001)
cross-site scripting in wordpress (CVE-2026-3001). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9200 |
|
Vulnerability in wordpress (CVE-2026-9200)
vulnerability in wordpress (CVE-2026-9200). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8939 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-8939)
vulnerability in wordpress (CVE-2026-8939). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8868 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8868)
cross-site scripting in wordpress (CVE-2026-8868). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9609 |
|
Vulnerability in CVE-2026-9609 (CVE-2026-9609)
vulnerability in CVE-2026-9609 (CVE-2026-9609). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7493 |
|
Vulnerability in wordpress (CVE-2026-7493)
vulnerability in wordpress (CVE-2026-7493). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7899504660052 |
|
Vulnerability in Google chrome (CVE-2026-7899504660052)
vulnerability in Google chrome (CVE-2026-7899504660052). Risk of unauthorized operations or information disclosure.
|