|
81
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c. This impacts the function search_papers of the file research_se…
New
|
CWE-22
Path Traversal
|
CVE-2026-7384
|
2026-04-30 00:16 |
2026-04-30 |
|
82
|
8.8 |
HIGH
Network
|
-
|
-
|
Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack.
This issue affects Pardus …
New
|
CWE-59
Link Following
|
CVE-2026-5161
|
2026-04-30 00:16 |
2026-04-30 |
|
83
|
8.8 |
HIGH
Network
|
-
|
-
|
Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus allows Authentication Bypass.
This issue affects Pardus: …
New
|
CWE-93
CRLF Injection
|
CVE-2026-5140
|
2026-04-30 00:16 |
2026-04-29 |
|
84
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks.
New
|
CWE-601
Open Redirect
|
CVE-2026-42525
|
2026-04-30 00:16 |
2026-04-29 |
|
85
|
8.0 |
HIGH
Network
|
-
|
-
|
Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42524
|
2026-04-30 00:16 |
2026-04-29 |
|
86
|
9.0 |
CRITICAL
Network
|
-
|
-
|
Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42523
|
2026-04-30 00:16 |
2026-04-29 |
|
87
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea_d580c1a_b_a_ and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacke…
New
|
CWE-862
Missing Authorization
|
CVE-2026-42522
|
2026-04-30 00:16 |
2026-04-29 |
|
88
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategi…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-42521
|
2026-04-30 00:16 |
2026-04-29 |
|
89
|
7.5 |
HIGH
Network
|
-
|
-
|
Jenkins Credentials Binding Plugin 719.v80e905ef14eb_ and earlier does not sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write file…
New
|
CWE-22
Path Traversal
|
CVE-2026-42520
|
2026-04-30 00:16 |
2026-04-29 |
|
90
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A missing permission check in Jenkins Script Security Plugin 1399.ve6a_66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths.
New
|
CWE-862
Missing Authorization
|
CVE-2026-42519
|
2026-04-30 00:16 |
2026-04-29 |