Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (1728 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2021-21635 1 Jenkins 1 Rest List Parameter 2024-11-21 5.4 Medium
Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVE-2021-21634 1 Jenkins 1 Jabber \(xmpp\) Notifier And Control 2024-11-21 6.5 Medium
Jenkins Jabber (XMPP) notifier and control Plugin 1.41 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
CVE-2021-21633 1 Jenkins 1 Owasp Dependency-track 2024-11-21 8.8 High
A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins.
CVE-2021-21632 1 Jenkins 1 Owasp Dependency-track 2024-11-21 6.5 Medium
A missing permission check in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins.
CVE-2021-21631 1 Jenkins 1 Cloud Statistics 2024-11-21 4.3 Medium
Jenkins Cloud Statistics Plugin 0.26 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission and knowledge of random activity IDs to view related provisioning exception error messages.
CVE-2021-21630 1 Jenkins 1 Extra Columns 2024-11-21 5.4 Medium
Jenkins Extra Columns Plugin 1.22 and earlier does not escape parameter values in the build parameters column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVE-2021-21629 1 Jenkins 1 Build With Parameters 2024-11-21 8.8 High
A cross-site request forgery (CSRF) vulnerability in Jenkins Build With Parameters Plugin 1.5 and earlier allows attackers to build a project with attacker-specified parameters.
CVE-2021-21628 1 Jenkins 1 Build With Parameters 2024-11-21 5.4 Medium
Jenkins Build With Parameters Plugin 1.5 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVE-2021-21627 1 Jenkins 1 Libvirt Agents 2024-11-21 8.8 High
A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt Agents Plugin 1.9.0 and earlier allows attackers to stop hypervisor domains.
CVE-2021-21626 1 Jenkins 1 Warnings Next Generation 2024-11-21 4.3 Medium
Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents.
CVE-2021-21625 1 Jenkins 1 Cloudbees Aws Credentials 2024-11-21 4.3 Medium
Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances.
CVE-2021-21624 1 Jenkins 1 Role-based Authorization Strategy 2024-11-21 4.3 Medium
An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders.
CVE-2021-21623 2 Jenkins, Redhat 2 Matrix Authorization Strategy, Openshift 2024-11-21 6.5 Medium
An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders.
CVE-2021-21622 1 Jenkins 1 Artifact Repository Parameter 2024-11-21 5.4 Medium
Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVE-2021-21621 1 Jenkins 1 Support Core 2024-11-21 5.3 Medium
Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID of the user creating the support bundle in some configurations.
CVE-2021-21620 1 Jenkins 1 Claim 2024-11-21 4.3 Medium
A cross-site request forgery (CSRF) vulnerability in Jenkins Claim Plugin 2.18.1 and earlier allows attackers to change claims.
CVE-2021-21619 1 Jenkins 1 Claim 2024-11-21 5.4 Medium
Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the display names of Jenkins users, either via the security realm, or directly inside Jenkins.
CVE-2021-21618 1 Jenkins 1 Repository Connector 2024-11-21 5.4 Medium
Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2021-21617 1 Jenkins 1 Configuration Slicing 2024-11-21 8.8 High
A cross-site request forgery (CSRF) vulnerability in Jenkins Configuration Slicing Plugin 1.51 and earlier allows attackers to apply different slice configurations.
CVE-2021-21616 1 Jenkins 1 Active Choices 2024-11-21 4.6 Medium
Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.