|
681
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A missing permission check in Jenkins Script Security Plugin 1399.ve6a_66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths.
|
CWE-862
Missing Authorization
|
CVE-2026-42519
|
2026-05-1 00:11 |
2026-04-29 |
|
682
|
7.5 |
HIGH
Network
|
-
|
-
|
Jenkins Credentials Binding Plugin 719.v80e905ef14eb_ and earlier does not sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write file…
|
CWE-22
Path Traversal
|
CVE-2026-42520
|
2026-05-1 00:11 |
2026-04-29 |
|
683
|
3.1 |
LOW
Network
|
-
|
-
|
Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources.
More precisely, an application can be vulnerable when all the following are true:
* the ap…
|
CWE-524
Use of Cache Containing Sensitive Information
|
CVE-2026-22741
|
2026-05-1 00:11 |
2026-04-29 |
|
684
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategi…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-42521
|
2026-05-1 00:11 |
2026-04-29 |
|
685
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea_d580c1a_b_a_ and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacke…
|
CWE-862
Missing Authorization
|
CVE-2026-42522
|
2026-05-1 00:11 |
2026-04-29 |
|
686
|
9.0 |
CRITICAL
Network
|
-
|
-
|
Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42523
|
2026-05-1 00:11 |
2026-04-29 |
|
687
|
8.0 |
HIGH
Network
|
-
|
-
|
Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42524
|
2026-05-1 00:11 |
2026-04-29 |
|
688
|
8.0 |
HIGH
Adjacent
|
-
|
-
|
A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.
|
CWE-306, CWE-1390
Missing Authentication for Critical Function, Weak Authentication
|
CVE-2026-0204
|
2026-05-1 00:11 |
2026-04-30 |
|
689
|
6.8 |
MEDIUM
Adjacent
|
-
|
-
|
A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services.
|
CWE-35
Path Traversal: '.../...//'
|
CVE-2026-0205
|
2026-05-1 00:11 |
2026-04-30 |
|
690
|
4.9 |
MEDIUM
Network
|
-
|
-
|
A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS allows a remote attacker to crash a firewall.
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-0206
|
2026-05-1 00:11 |
2026-04-30 |