| 151 | 4.3 | MEDIUM Network | - | - | Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attacke… | New | CWE-601 Open Redirect | CVE-2026-53440 | 2026-06-11 01:17 | 2026-06-10 |
| 152 | 4.3 | MEDIUM Network | - | - | Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/Read permission to determine other users' configured timezone and to enumerate view names … | New | CWE-862 Missing Authorization | CVE-2026-53439 | 2026-06-11 01:17 | 2026-06-10 |
| 153 | 4.3 | MEDIUM Network | - | - | A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking Item/Read permission, to cancel queue items they do not have… | New | CWE-862 Missing Authorization | CVE-2026-53438 | 2026-06-11 01:17 | 2026-06-10 |
| 154 | 4.3 | MEDIUM Network | - | - | Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains tab or newline characters between `//`, a… | New | CWE-601 Open Redirect | CVE-2026-53437 | 2026-06-11 01:17 | 2026-06-10 |
| 155 | 4.3 | MEDIUM Network | - | - | Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains relative path segments (`./` or `../`), a… | New | CWE-601 Open Redirect | CVE-2026-53436 | 2026-06-11 01:17 | 2026-06-10 |
| 156 | 8.8 | HIGH Network | - | - | In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrary types defined in Jenkins core or plugins from an attacker-controlled `config.… | New | CWE-502 Deserialization of Untrusted Data | CVE-2026-53435 | 2026-06-11 01:17 | 2026-06-10 |
| 157 | 5.5 | MEDIUM Local | - | - | Ghidra before 12.1.1 contains an uncontrolled memory allocation vulnerability in the Mach-O binary parser that allows attackers to cause denial of service. An attacker can supply a crafted Mach-O bin… | New | CWE-789 Memory Allocation with Excessive Size Value | CVE-2026-52759 | 2026-06-11 01:17 | 2026-06-10 |
| 158 | 7.8 | HIGH Local | - | - | Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers can craft malicious… | New | CWE-22 Path Traversal | CVE-2026-52755 | 2026-06-11 01:17 | 2026-06-10 |
| 159 | 5.5 | MEDIUM Local | - | - | Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names… | New | CWE-789 Memory Allocation with Excessive Size Value | CVE-2026-52753 | 2026-06-11 01:17 | 2026-06-10 |
| 160 | - | | - | - | Stack-based Buffer Overflow vulnerability in Erlang OTP (erl_interface) allows Stack-based Buffer Overflow. This vulnerability is associated with program file lib/erl_interface/src/misc/ei_printterm… | New | CWE-121 Stack-based Buffer Overflow | CVE-2026-49760 | 2026-06-11 01:17 | 2026-06-11 |