CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-57300
Medium

A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb_2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access.

CVE-2026-57299
Medium

Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata.

CVE-2026-57298
Medium

The Jenkins Contrast Continuous Application Security Plugin version 3.11 and earlier contains a cross-site request forgery (CSRF) vulnerability that allows attackers to force Jenkins to connect to an attacker-specified URL using an attacker-specified username, API key, and service key.

CVE-2026-57297
Medium

A missing permission check in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username, API key, and service key.

CVE-2026-57295
Medium

A CSRF vulnerability in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins.

CVE-2026-57294
Medium

A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins.

CVE-2026-57293
Medium

The Gitee Plugin in Jenkins version 1288.v18b_deb_c9069b_ and earlier has an incorrect permission check, allowing attackers with global Item/Configure permission to enumerate credential IDs stored in Jenkins.

CVE-2026-57292
Medium

The Gitee Plugin in Jenkins version 1288.v18b_deb_c9069b_ and earlier contains a CSRF vulnerability that allows attackers to connect to an attacker-specified URL using credentials IDs obtained through another method.

CVE-2026-57291
Medium

The Gitee Plugin in Jenkins version 1288.v18b_deb_c9069b_ and earlier has missing permission checks, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credential IDs obtained through another method.

CVE-2026-57290
Medium

A CSRF vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b_84449 and earlier allows attackers to overwrite the global job priority configuration.

CVE-2026-57289
Medium

Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to the configured Bitbucket Server endpoint, allowing attackers able to intercept network traffic to capture the token.

CVE-2026-57287
Medium

Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted.

CVE-2026-57286
Medium

A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata.

CVE-2026-57285
Medium

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration.

CVE-2026-57284
Medium

Jenkins Pipeline: Groovy Plugin version 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps.

CVE-2026-57283
Medium

A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier allows attackers to instantiate types related to job or system configuration other than Pipeline steps through the Pipeline Snippet Generator.

CVE-2026-57282
Medium

Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, allowing attackers able to control the name of a build's working directory to execute arbitrary operating system commands on the agent.

CVE-2026-56761
Medium

An HTML injection vulnerability in the Hono library before version 4.12.14 allows attackers to inject unintended HTML by using malformed attribute names during server-side JSX rendering. Specially crafted attribute keys containing characters like quotes or angle brackets can break HTML tag boundaries and inject arbitrary attributes or elements.

CVE-2026-56358
Medium

Stored XSS vulnerability in n8n before versions 1.123.25 (1.x) and 2.11.2 (2.x) (also fixed in 2.12.0) in the Form Trigger node's CSS sanitization allows authenticated users with workflow creation permissions to inject malicious scripts that execute persistently for all form visitors.

CVE-2026-56338
Medium

Capgo before 12.128.2 contains a denial of service vulnerability in the /auth/v1/otp endpoint that prevents email verification for two-factor authentication due to captcha validation failures.

PreviousPage 61 of 530Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS