Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-53441 — Jenkins Stored Cross-Site Scripting

Jenkins 2.483 through 2.567 (both inclusive), LTS 2.492.1 through 2.555.2 (both inclusive) does not escape the user-provided description of a generic offline cause that could be set through the `POST…

| Cross-Site Scripting
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
4.3 MEDIUM
CVE-2026-53440 — Jenkins: Open Redirect in Security Realm

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attacke…

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
4.3 MEDIUM
CVE-2026-53439 — Jenkins Information Disclosure

Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/Read permission to determine other users' configured timezone and to enumerate view names …

Remote | Authorization
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
4.3 MEDIUM
CVE-2026-53438 — Jenkins Missing Permission Check Allows Unauthorized Queue Item Cancellation

A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking Item/Read permission, to cancel queue items they do not have…

Remote | Authorization
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
4.3 MEDIUM
CVE-2026-53437 — Jenkins Tab N Transgression Security Bypass

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains tab or newline characters between `//`, a…

Remote | Information Disclosure
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
4.3 MEDIUM
CVE-2026-53436 — Jenkins Relative Path Traversal for Phishing

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains relative path segments (`./` or `../`), a…

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
8.8 HIGH
CVE-2026-53435 — Jenkins Deserialization Vulnerability Leads to Remote Code Execution

In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrary types defined in Jenkins core or plugins from an attacker-controlled `config.…

Remote | Authentication
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
6.7 MEDIUM
CVE-2026-52759 — Ghidra < 12.1.1 - Denial of Service via Uncontrolled Memory Allocation in Mach-O Parser

Ghidra before 12.1.1 contains an uncontrolled memory allocation vulnerability in the Mach-O binary parser that allows attackers to cause denial of service. An attacker can supply a crafted Mach-O bin…

| Denial of Service
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
8.8 HIGH
CVE-2026-52758 — Ghidra < 12.1 - SQL Injection via Unescaped Filter Values in BSim Search

Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL queries without escaping or parameterization. Remote attackers c…

Remote | Injection
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
4.6 MEDIUM
CVE-2026-52757 — Ghidra < 12.1 - Heap-use-after-free in HighVariable::merge() during decompilation

Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge() function during the variable merging pass. Attackers can trigger this vulnerability by crafti…

| Memory Corruption
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
4.8 MEDIUM
CVE-2026-52756 — Ghidra < 12.2 - Unauthenticated Path Traversal in Debugger ISF Server

Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operation…

Remote | Path Traversal
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
8.4 HIGH
CVE-2026-52755 — Ghidra < 12.0.4 - Path Traversal via Zip Slip in Theme Import

Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers can craft malicious…

| Path Traversal
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
8.8 HIGH
CVE-2026-52754 — Ghidra < 12.1 - Authentication Bypass via Null Signature in PKIAuthenticationModule

Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate() that allows any user with a valid CA-signed certificate to impersonate other users by pres…

Remote | Authentication
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
6.7 MEDIUM
CVE-2026-52753 — Ghidra < 12.0.3 - Out-of-Memory in Rust Symbol Demangler via Malformed Symbol

Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names…

| Denial of Service
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
8.4 HIGH
CVE-2026-52752 — Ghidra < 12.0.2 - Path Traversal in Extension Installer via ZIP Entry Names

Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with travers…

| Path Traversal
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
8.8 HIGH
CVE-2026-52751 — Ghidra < 12.1 - Remote Code Execution via Unfiltered RMI Deserialization in Shared Projec…

Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a maliciou…

Remote | Authentication
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
7.8 HIGH
CVE-2026-52750 — Ghidra < 12.1- Command Injection via URL Annotation Click

Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not properly escaped. Attackers can execute arbitrary commands und…

| Injection
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
8.8 HIGH
CVE-2026-49498 — Ghidra 11.0 < 12.1 - SQL Injection in PostgreSQL Password Change via Unescaped Username

Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE …

Remote | Injection
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
3.3 LOW
CVE-2026-49497 — Ghidra < 12.1 - Path Traversal via .gnu_debuglink in DWARF External Debug File Resolution

Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu_debuglink sections before constructing file paths. Attacke…

| Path Traversal
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
6.1 MEDIUM
CVE-2026-49496 — Ghidra < 12.1 - Heap-Use-After-Free in SleighBuilder::generatePointerAdd via Vector Reall…

Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vecto…

| Memory Corruption
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
Showing 20 of 7557 Results