Export limit exceeded: 360632 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360632 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-54100 | 1 Redhat | 4 Openshift, Openshift Container Platform, Openshift For Windows Containers and 1 more | 2026-06-24 | 8.3 High |
| A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture WICD and kubelet bootstrap credentials transferred during node configuration, enabling compromise of Windows node identities in the cluster. | ||||
| CVE-2026-42129 | 1 Grafana | 2 Grafana, Loki Datasource | 2026-06-24 | 7.7 High |
| The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An authenticated Viewer-role user can escape the plugin's resource sandbox and access administrative Loki endpoints (e.g. /config, /services, /ready) to extract sensitive backend configuration and internal service information. | ||||
| CVE-2026-28381 | 1 Grafana | 1 Snowflake Datasource | 2026-06-24 | 9.6 Critical |
| The Snowflake datasource allows for GET/PUT commands, which can allow any user with access to run queries against the data source to read/write files between the local grafana server and the connected Snowflake host. | ||||
| CVE-2026-12725 | 2 Dnsmasq, Redhat | 4 Dnsmasq, Enterprise Linux, Openshift and 1 more | 2026-06-24 | 5.9 Medium |
| A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply such a DNS response may crash the dnsmasq process, resulting in denial of service. | ||||
| CVE-2026-12549 | 2 Libsoup, Redhat | 2 Libsoup, Enterprise Linux | 2026-06-24 | 4.8 Medium |
| The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading to malformed HTTP 206 responses and log flooding. | ||||
| CVE-2026-12249 | 1 Canonical | 1 Adsys | 2026-06-24 | 8.3 High |
| An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services (AD CS) certificate auto-enrollment via the vendored Samba client script (internal/policies/certificate/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py), ADSys utilizes a plaintext HTTP connection (http://) instead of a secure HTTPS connection (https://) to request the CA certificate from the Active Directory Certificate Services server (GetCACert). An unauthenticated network attacker positioned between the managed Ubuntu host and the configured AD CS CA hostname can conduct a Man-in-the-Middle (MITM) attack. By intercepting the plaintext HTTP request, the attacker can supply an arbitrary, attacker-controlled Root CA certificate. Because the system automatically accepts this certificate and registers it into the local system trust store via update-ca-certificates, this results in system-wide trust store poisoning. Consequently, TLS clients utilizing the operating system trust store on the affected machine will accept rogue certificates for arbitrary domains, enabling persistent decryption and interception of subsequent TLS connections. This issue is resolved in version v0.16.3. | ||||
| CVE-2026-49269 | 1 Apple | 1 M1 Pro | 2026-06-24 | 8.6 High |
| Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal attacker app can run a GPU reader shader that reads stale register values left by a separate sandboxed victim app. In the proof of concept, GPUVictim.app generates a fresh random 128-bit secret using SecRandomCopyBytes and loads it into GPU registers. GPUAttacker.app, a separate sandboxed app, recovers the exact secret from stale GPU register state. NOTE: The vendor stated that this behavior affects only legacy hardware and has already been addressed at the hardware level in current-generation Apple Silicon. | ||||
| CVE-2026-12242 | 2 Adegans, Wordpress | 2 Adrotate Banner Manager, Wordpress | 2026-06-24 | 8.8 High |
| The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 5.17.7 via the 'banner' attribute of the adrotate shortcode. This is due to insufficient input validation and sanitization of the banner shortcode attribute before concatenation into a PHP code string wrapped in W3 Total Cache mfunc or Borlabs Cache fragment markers. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute arbitrary PHP code on the server. This vulnerability requires W3 Total Cache or Borlabs Cache support to be enabled in AdRotate settings. | ||||
| CVE-2026-57282 | 1 Jenkins Project | 1 Jenkins Git Client Plugin | 2026-06-24 | 5 Medium |
| Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, allowing attackers able to control the name of a build's working directory to execute arbitrary operating system commands on the agent. | ||||
| CVE-2026-57286 | 1 Jenkins Project | 1 Jenkins Git Parameter Plugin | 2026-06-24 | 4.3 Medium |
| A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca_ and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata. | ||||
| CVE-2026-57287 | 1 Jenkins Project | 1 Jenkins Job Configuration History Plugin | 2026-06-24 | 4.3 Medium |
| Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted. | ||||
| CVE-2026-42450 | 1 Academysoftwarefoundation | 1 Opencolorio | 2026-06-24 | N/A |
| OpenColorIO is a color management framework for visual effects and animation. Prior to version 2.5.2, `FileFormatSpi3D.cpp:163` uses `sscanf` with `%s` into 64-byte stack buffers when parsing LUT data lines. Input comes from `lineBuffer[4096]`, so a crafted .spi3d file can overflow by ~4000 bytes on non-Windows. Version 2.5.2 fixes the issue. | ||||
| CVE-2026-57289 | 1 Jenkins Project | 1 Jenkins Bitbucket Push And Pull Request Plugin | 2026-06-24 | 4.8 Medium |
| Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to the configured Bitbucket Server endpoint, allowing attackers able to intercept network traffic to capture the token. | ||||
| CVE-2026-57290 | 1 Jenkins Project | 1 Jenkins Priority Sorter Plugin | 2026-06-24 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b_84449 and earlier allows attackers to overwrite the global job priority configuration. | ||||
| CVE-2026-57291 | 1 Jenkins Project | 1 Jenkins Gitee Plugin | 2026-06-24 | 5.4 Medium |
| Missing permission checks in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method. | ||||
| CVE-2026-57292 | 1 Jenkins Project | 1 Jenkins Gitee Plugin | 2026-06-24 | 5.4 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method. | ||||
| CVE-2026-57293 | 1 Jenkins Project | 1 Jenkins Gitee Plugin | 2026-06-24 | 4.3 Medium |
| An incorrect permission check in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2026-57294 | 1 Jenkins Project | 1 Jenkins Ec2 Fleet Plugin | 2026-06-24 | 5.4 Medium |
| A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins. | ||||
| CVE-2026-57295 | 1 Jenkins Project | 1 Jenkins Ec2 Fleet Plugin | 2026-06-24 | 5.4 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins. | ||||
| CVE-2026-57296 | 1 Jenkins Project | 1 Jenkins External Workspace Manager Plugin | 2026-06-24 | 8.8 High |
| Jenkins External Workspace Manager Plugin 1.3.2 and earlier does not reject path traversal sequences in the custom workspace path provided to the exwsAllocate Pipeline step, allowing attackers with Item/Configure permission to read arbitrary files on the Jenkins controller file system, which can lead to remote code execution. | ||||