Missing Authorization vulnerability in WP Media Adminimize allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Adminimize: from n/a through 1.11.11. More information : https://patchstack.com/database/wordpress/plugin/adminimize/vulnerability/wordpress-adminimize-plugin-1-11-11-broken-access-control-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Justin Kruit Advanced Custom Fields: Font Awesome Field allows Stored XSS. This issue affects Advanced Custom Fields: Font Awesome Field: from n/a...
Missing Authorization vulnerability in Benbodhi SVG Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SVG Support: from n/a through 2.5.14. More information : https://patchstack.com/database/wordpress/plugin/svg-support/vulnerability/wordpress-svg-support-plugin-2-5-14-broken-access-control-vulnerability?_s_id=cve
Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the build URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or views. More information : https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3486
Jenkins Job Import Plugin 143.v044a_2e819b_27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. More information :...
A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Integration Plugin 0.7.3 and earlier allows attackers to attackers to trigger a build for a pull request. More information : https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3776
Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks. More information : https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3761
Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to connect to an attacker-specified URL. More information : https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3671
Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier does not properly sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations...
Jenkins Pipeline: Groovy Libraries Plugin 797.v90ea_a_9b_e45a_0 and earlier does not prohibit symbolic links in shared libraries, allowing attackers able to control the content of a library used by a Pipeline job to read arbitrary...
Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as `base64` in email content by setting the `data-inline` attribute, without restrictions on the image URLs that can be inlined, allowing attackers able to...
Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation. More information : https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3659
Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default. More information : https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3659
Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation. More information : https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3654