| 0 |
| url |
VCID-1zas-w8w2-4ydr |
| vulnerability_id |
VCID-1zas-w8w2-4ydr |
| summary |
Jenkins Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3681 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00249 |
| scoring_system |
epss |
| scoring_elements |
0.48243 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00249 |
| scoring_system |
epss |
| scoring_elements |
0.48194 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.00249 |
| scoring_system |
epss |
| scoring_elements |
0.48188 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00249 |
| scoring_system |
epss |
| scoring_elements |
0.48212 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00249 |
| scoring_system |
epss |
| scoring_elements |
0.48186 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00249 |
| scoring_system |
epss |
| scoring_elements |
0.48197 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00249 |
| scoring_system |
epss |
| scoring_elements |
0.48248 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.00249 |
| scoring_system |
epss |
| scoring_elements |
0.48133 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.00249 |
| scoring_system |
epss |
| scoring_elements |
0.4817 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.00249 |
| scoring_system |
epss |
| scoring_elements |
0.4819 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.00249 |
| scoring_system |
epss |
| scoring_elements |
0.4814 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3681 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-3681, GHSA-cwh9-f8m6-6r63
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1zas-w8w2-4ydr |
|
| 1 |
| url |
VCID-2vbv-gzfv-83ae |
| vulnerability_id |
VCID-2vbv-gzfv-83ae |
| summary |
Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3663 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00065 |
| scoring_system |
epss |
| scoring_elements |
0.20244 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00065 |
| scoring_system |
epss |
| scoring_elements |
0.20324 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00065 |
| scoring_system |
epss |
| scoring_elements |
0.20354 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00065 |
| scoring_system |
epss |
| scoring_elements |
0.20309 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00065 |
| scoring_system |
epss |
| scoring_elements |
0.2025 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00065 |
| scoring_system |
epss |
| scoring_elements |
0.20239 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.00065 |
| scoring_system |
epss |
| scoring_elements |
0.20255 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.00065 |
| scoring_system |
epss |
| scoring_elements |
0.20399 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00065 |
| scoring_system |
epss |
| scoring_elements |
0.20459 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00065 |
| scoring_system |
epss |
| scoring_elements |
0.20184 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.00065 |
| scoring_system |
epss |
| scoring_elements |
0.20265 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3663 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-3663, GHSA-64mc-2m9p-23c8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2vbv-gzfv-83ae |
|
| 2 |
| url |
VCID-5yr7-w7h9-g7gh |
| vulnerability_id |
VCID-5yr7-w7h9-g7gh |
| summary |
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'". |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8103 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.9037 |
| scoring_system |
epss |
| scoring_elements |
0.99606 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.9037 |
| scoring_system |
epss |
| scoring_elements |
0.99602 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.9037 |
| scoring_system |
epss |
| scoring_elements |
0.99604 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.9037 |
| scoring_system |
epss |
| scoring_elements |
0.99605 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8103 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-8103, GHSA-wfw7-6632-xcv2
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5yr7-w7h9-g7gh |
|
| 3 |
| url |
VCID-619d-pxn6-fkce |
| vulnerability_id |
VCID-619d-pxn6-fkce |
| summary |
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7537 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60611 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60443 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60519 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60545 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60514 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60563 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60579 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.606 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60585 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60565 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60605 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7537 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2015-7537 |
| reference_id |
CVE-2015-7537 |
| reference_type |
|
| scores |
| 0 |
| value |
6.8 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:P/I:P/A:P |
|
| 1 |
| value |
8.8 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2015-7537 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-7537, GHSA-3vhr-f5xr-8vpx
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-619d-pxn6-fkce |
|
| 4 |
| url |
VCID-6qdw-fvzm-4kdx |
| vulnerability_id |
VCID-6qdw-fvzm-4kdx |
| summary |
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3662 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00107 |
| scoring_system |
epss |
| scoring_elements |
0.28822 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00107 |
| scoring_system |
epss |
| scoring_elements |
0.28912 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00107 |
| scoring_system |
epss |
| scoring_elements |
0.28916 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00107 |
| scoring_system |
epss |
| scoring_elements |
0.28873 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00107 |
| scoring_system |
epss |
| scoring_elements |
0.28823 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00107 |
| scoring_system |
epss |
| scoring_elements |
0.28845 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.00107 |
| scoring_system |
epss |
| scoring_elements |
0.28869 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.00107 |
| scoring_system |
epss |
| scoring_elements |
0.28946 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00107 |
| scoring_system |
epss |
| scoring_elements |
0.28996 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00107 |
| scoring_system |
epss |
| scoring_elements |
0.28803 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.00107 |
| scoring_system |
epss |
| scoring_elements |
0.2887 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3662 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-3662, GHSA-fxqr-px2m-fvc2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6qdw-fvzm-4kdx |
|
| 5 |
| url |
VCID-7p5d-b885-sycx |
| vulnerability_id |
VCID-7p5d-b885-sycx |
| summary |
Jenkins allows Remote Users to Obtain Sensitive Information from Plugin Code
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3667 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17524 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17364 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17414 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17466 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17515 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17502 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.1735 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17356 |
| published_at |
2026-04-16T12:55:00Z |
|
| 8 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17569 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17442 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3667 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-3667, GHSA-5xm3-48v5-6h7v
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7p5d-b885-sycx |
|
| 6 |
| url |
VCID-88ku-rdqg-nfdm |
| vulnerability_id |
VCID-88ku-rdqg-nfdm |
| summary |
Jenkins allows for Privilege Escalation by Remote Authenticated Users
The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-1806 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00639 |
| scoring_system |
epss |
| scoring_elements |
0.70583 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00639 |
| scoring_system |
epss |
| scoring_elements |
0.7048 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00639 |
| scoring_system |
epss |
| scoring_elements |
0.70498 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00639 |
| scoring_system |
epss |
| scoring_elements |
0.70475 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00639 |
| scoring_system |
epss |
| scoring_elements |
0.70521 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00639 |
| scoring_system |
epss |
| scoring_elements |
0.70536 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00639 |
| scoring_system |
epss |
| scoring_elements |
0.7056 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00639 |
| scoring_system |
epss |
| scoring_elements |
0.70545 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00639 |
| scoring_system |
epss |
| scoring_elements |
0.70531 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00639 |
| scoring_system |
epss |
| scoring_elements |
0.70575 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00639 |
| scoring_system |
epss |
| scoring_elements |
0.70467 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-1806 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-1806, GHSA-mm9c-4cv4-7rfv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-88ku-rdqg-nfdm |
|
| 7 |
| url |
VCID-8g3u-4dyc-6fak |
| vulnerability_id |
VCID-8g3u-4dyc-6fak |
| summary |
Jenkins has Information Disclosure via Sidepanel Widget
The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5321 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.4333 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43358 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43369 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43245 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43301 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43308 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43323 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43354 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43334 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43319 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43267 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5321 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-5321, GHSA-4653-rmch-3g2g
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8g3u-4dyc-6fak |
|
| 8 |
| url |
VCID-8q9g-qfve-93ba |
| vulnerability_id |
VCID-8q9g-qfve-93ba |
| summary |
Jenkins does not Verify Checksums for Plugin Files
The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7539 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0104 |
| scoring_system |
epss |
| scoring_elements |
0.7747 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.0104 |
| scoring_system |
epss |
| scoring_elements |
0.77431 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.0104 |
| scoring_system |
epss |
| scoring_elements |
0.77434 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.0104 |
| scoring_system |
epss |
| scoring_elements |
0.77454 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.0104 |
| scoring_system |
epss |
| scoring_elements |
0.77429 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.0104 |
| scoring_system |
epss |
| scoring_elements |
0.77468 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.0104 |
| scoring_system |
epss |
| scoring_elements |
0.77389 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.0104 |
| scoring_system |
epss |
| scoring_elements |
0.77409 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.0104 |
| scoring_system |
epss |
| scoring_elements |
0.77383 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.0104 |
| scoring_system |
epss |
| scoring_elements |
0.77376 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.0104 |
| scoring_system |
epss |
| scoring_elements |
0.7742 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7539 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2015-7539 |
| reference_id |
CVE-2015-7539 |
| reference_type |
|
| scores |
| 0 |
| value |
7.6 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:H/Au:N/C:C/I:C/A:C |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2015-7539 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-7539, GHSA-x274-9m9r-fm5g
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8q9g-qfve-93ba |
|
| 9 |
| url |
VCID-9bjm-e9zm-dqck |
| vulnerability_id |
VCID-9bjm-e9zm-dqck |
| summary |
Jenkins allows for Privilege Escalation by Remote Authenticated Users
The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-1814 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00239 |
| scoring_system |
epss |
| scoring_elements |
0.47063 |
| published_at |
2026-04-11T12:55:00Z |
|
| 1 |
| value |
0.00239 |
| scoring_system |
epss |
| scoring_elements |
0.46988 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.00239 |
| scoring_system |
epss |
| scoring_elements |
0.47094 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00239 |
| scoring_system |
epss |
| scoring_elements |
0.47099 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00239 |
| scoring_system |
epss |
| scoring_elements |
0.47037 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00239 |
| scoring_system |
epss |
| scoring_elements |
0.47043 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00239 |
| scoring_system |
epss |
| scoring_elements |
0.46985 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.00239 |
| scoring_system |
epss |
| scoring_elements |
0.47022 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00239 |
| scoring_system |
epss |
| scoring_elements |
0.4704 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00239 |
| scoring_system |
epss |
| scoring_elements |
0.47039 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-1814 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-1814, GHSA-3269-jqp5-v8c9
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9bjm-e9zm-dqck |
|
| 10 |
| url |
VCID-c43n-xyfr-aqbe |
| vulnerability_id |
VCID-c43n-xyfr-aqbe |
| summary |
Jenkins Path Traversal vulnerability
Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3664 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41287 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41208 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41258 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41266 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41288 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41256 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41243 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41162 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41254 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41284 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3664 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-3664, GHSA-3gp5-92h5-h855
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c43n-xyfr-aqbe |
|
| 11 |
| url |
VCID-d967-j6gn-j7cq |
| vulnerability_id |
VCID-d967-j6gn-j7cq |
| summary |
Jenkins Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-1812 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00215 |
| scoring_system |
epss |
| scoring_elements |
0.44054 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00215 |
| scoring_system |
epss |
| scoring_elements |
0.44052 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00215 |
| scoring_system |
epss |
| scoring_elements |
0.43982 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00215 |
| scoring_system |
epss |
| scoring_elements |
0.44033 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00215 |
| scoring_system |
epss |
| scoring_elements |
0.44035 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00215 |
| scoring_system |
epss |
| scoring_elements |
0.44051 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00215 |
| scoring_system |
epss |
| scoring_elements |
0.44018 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00215 |
| scoring_system |
epss |
| scoring_elements |
0.44002 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00215 |
| scoring_system |
epss |
| scoring_elements |
0.44064 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00215 |
| scoring_system |
epss |
| scoring_elements |
0.4398 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.00215 |
| scoring_system |
epss |
| scoring_elements |
0.44029 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-1812 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-1812, GHSA-w5v7-q2j4-fvpf
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d967-j6gn-j7cq |
|
| 12 |
| url |
VCID-ejrj-pum8-9qa3 |
| vulnerability_id |
VCID-ejrj-pum8-9qa3 |
| summary |
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5318 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18157 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18203 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18199 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18143 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.1806 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18147 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18304 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18358 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18061 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18048 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18106 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5318 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-5318, GHSA-3wmv-7php-rhg5
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
6.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ejrj-pum8-9qa3 |
|
| 13 |
| url |
VCID-fmcb-kpgu-5fcg |
| vulnerability_id |
VCID-fmcb-kpgu-5fcg |
| summary |
Authorization bypass in Openshift
Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-1906 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02541 |
| scoring_system |
epss |
| scoring_elements |
0.85452 |
| published_at |
2026-04-09T12:55:00Z |
|
| 1 |
| value |
0.02541 |
| scoring_system |
epss |
| scoring_elements |
0.85444 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.02541 |
| scoring_system |
epss |
| scoring_elements |
0.854 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.02541 |
| scoring_system |
epss |
| scoring_elements |
0.8549 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.02541 |
| scoring_system |
epss |
| scoring_elements |
0.85485 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.02541 |
| scoring_system |
epss |
| scoring_elements |
0.85461 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.02541 |
| scoring_system |
epss |
| scoring_elements |
0.85465 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.02541 |
| scoring_system |
epss |
| scoring_elements |
0.85467 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.02541 |
| scoring_system |
epss |
| scoring_elements |
0.85388 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.02541 |
| scoring_system |
epss |
| scoring_elements |
0.85423 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.02541 |
| scoring_system |
epss |
| scoring_elements |
0.8542 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-1906 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2016-1906 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
10.0 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:N/C:C/I:C/A:C |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2016-1906 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-1906, GHSA-m3fm-h5jp-q79p
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fmcb-kpgu-5fcg |
|
| 14 |
| url |
VCID-gbeg-v39c-hfe5 |
| vulnerability_id |
VCID-gbeg-v39c-hfe5 |
| summary |
Jenkins allows Administrators to Access API Tokens
Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5323 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00201 |
| scoring_system |
epss |
| scoring_elements |
0.42166 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.00201 |
| scoring_system |
epss |
| scoring_elements |
0.42203 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00201 |
| scoring_system |
epss |
| scoring_elements |
0.4218 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00201 |
| scoring_system |
epss |
| scoring_elements |
0.42169 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00201 |
| scoring_system |
epss |
| scoring_elements |
0.42118 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00201 |
| scoring_system |
epss |
| scoring_elements |
0.42092 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.00201 |
| scoring_system |
epss |
| scoring_elements |
0.42151 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00201 |
| scoring_system |
epss |
| scoring_elements |
0.42178 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00201 |
| scoring_system |
epss |
| scoring_elements |
0.42165 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00201 |
| scoring_system |
epss |
| scoring_elements |
0.4219 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00201 |
| scoring_system |
epss |
| scoring_elements |
0.42139 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5323 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-5323, GHSA-x4m5-j4x4-4wjg
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gbeg-v39c-hfe5 |
|
| 15 |
| url |
VCID-hkx6-feah-ckgv |
| vulnerability_id |
VCID-hkx6-feah-ckgv |
| summary |
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7538 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00234 |
| scoring_system |
epss |
| scoring_elements |
0.46361 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00234 |
| scoring_system |
epss |
| scoring_elements |
0.4624 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00234 |
| scoring_system |
epss |
| scoring_elements |
0.46281 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00234 |
| scoring_system |
epss |
| scoring_elements |
0.463 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00234 |
| scoring_system |
epss |
| scoring_elements |
0.46247 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00234 |
| scoring_system |
epss |
| scoring_elements |
0.46302 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00234 |
| scoring_system |
epss |
| scoring_elements |
0.46326 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00234 |
| scoring_system |
epss |
| scoring_elements |
0.46298 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00234 |
| scoring_system |
epss |
| scoring_elements |
0.46307 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00234 |
| scoring_system |
epss |
| scoring_elements |
0.46364 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7538 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2015-7538 |
| reference_id |
CVE-2015-7538 |
| reference_type |
|
| scores |
| 0 |
| value |
6.8 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:P/I:P/A:P |
|
| 1 |
| value |
8.8 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2015-7538 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-7538, GHSA-w7qm-fprw-cqgq
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hkx6-feah-ckgv |
|
| 16 |
| url |
VCID-jc2q-ht2b-cfhx |
| vulnerability_id |
VCID-jc2q-ht2b-cfhx |
| summary |
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-2186 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.87099 |
| scoring_system |
epss |
| scoring_elements |
0.99443 |
| published_at |
2026-04-11T12:55:00Z |
|
| 1 |
| value |
0.87099 |
| scoring_system |
epss |
| scoring_elements |
0.99438 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.87099 |
| scoring_system |
epss |
| scoring_elements |
0.99448 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.87099 |
| scoring_system |
epss |
| scoring_elements |
0.99447 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.87099 |
| scoring_system |
epss |
| scoring_elements |
0.99445 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.87099 |
| scoring_system |
epss |
| scoring_elements |
0.99444 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.87099 |
| scoring_system |
epss |
| scoring_elements |
0.9944 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.87099 |
| scoring_system |
epss |
| scoring_elements |
0.99439 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.87099 |
| scoring_system |
epss |
| scoring_elements |
0.99442 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.87099 |
| scoring_system |
epss |
| scoring_elements |
0.99441 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-2186 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-2186, GHSA-qx6h-9567-5fqw
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jc2q-ht2b-cfhx |
|
| 17 |
| url |
VCID-jfpr-4eze-j3f1 |
| vulnerability_id |
VCID-jfpr-4eze-j3f1 |
| summary |
Jenkins allows Cross-Site Scripting (XSS)
Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5326 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0016 |
| scoring_system |
epss |
| scoring_elements |
0.36934 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.0016 |
| scoring_system |
epss |
| scoring_elements |
0.36969 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.0016 |
| scoring_system |
epss |
| scoring_elements |
0.3696 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.0016 |
| scoring_system |
epss |
| scoring_elements |
0.36948 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.0016 |
| scoring_system |
epss |
| scoring_elements |
0.36897 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0016 |
| scoring_system |
epss |
| scoring_elements |
0.36866 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.0016 |
| scoring_system |
epss |
| scoring_elements |
0.37035 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.0016 |
| scoring_system |
epss |
| scoring_elements |
0.37069 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.0016 |
| scoring_system |
epss |
| scoring_elements |
0.36938 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.0016 |
| scoring_system |
epss |
| scoring_elements |
0.36953 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.0016 |
| scoring_system |
epss |
| scoring_elements |
0.36909 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5326 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-5326, GHSA-5mwr-jg3r-jv66
|
| risk_score |
1.9 |
| exploitability |
0.5 |
| weighted_severity |
3.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jfpr-4eze-j3f1 |
|
| 18 |
| url |
VCID-k31a-cbd1-wkh5 |
| vulnerability_id |
VCID-k31a-cbd1-wkh5 |
| summary |
Access Restriction Bypass in Kubernetes
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
### Specific Go Packages Affected
github.com/kubernetes/kubernetes/pkg/apiserver |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-1905 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00236 |
| scoring_system |
epss |
| scoring_elements |
0.4653 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00236 |
| scoring_system |
epss |
| scoring_elements |
0.46591 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00236 |
| scoring_system |
epss |
| scoring_elements |
0.46594 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00236 |
| scoring_system |
epss |
| scoring_elements |
0.46537 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00236 |
| scoring_system |
epss |
| scoring_elements |
0.46528 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00236 |
| scoring_system |
epss |
| scoring_elements |
0.46556 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00236 |
| scoring_system |
epss |
| scoring_elements |
0.4651 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00236 |
| scoring_system |
epss |
| scoring_elements |
0.46533 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00236 |
| scoring_system |
epss |
| scoring_elements |
0.46472 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.00236 |
| scoring_system |
epss |
| scoring_elements |
0.46478 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-1905 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2016-1905 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.0 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:S/C:N/I:P/A:N |
|
| 1 |
| value |
7.7 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N |
|
| 2 |
| value |
7.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2016-1905 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-1905, GHSA-xx8c-m748-xr4j
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k31a-cbd1-wkh5 |
|
| 19 |
| url |
VCID-n5z8-5v21-g7e9 |
| vulnerability_id |
VCID-n5z8-5v21-g7e9 |
| summary |
Jenkins has Local File Inclusion Vulnerability
Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5322 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38097 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38134 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38116 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38108 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38058 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.37984 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38164 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38187 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38099 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38119 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38073 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5322 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-5322, GHSA-89vc-7frq-2rfj
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n5z8-5v21-g7e9 |
|
| 20 |
| url |
VCID-p7fu-cxq4-23ey |
| vulnerability_id |
VCID-p7fu-cxq4-23ey |
| summary |
stapler-adjunct-zeroclipboard: multiple cross-site scripting (XSS) flaws |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-1869 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69353 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69365 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69381 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.6936 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.6941 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69426 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69449 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69434 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.6942 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69459 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00599 |
| scoring_system |
epss |
| scoring_elements |
0.69469 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-1869 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-1869
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p7fu-cxq4-23ey |
|
| 21 |
| url |
VCID-q7xy-2e9v-uka8 |
| vulnerability_id |
VCID-q7xy-2e9v-uka8 |
| summary |
jenkins: directory traversal from artifacts via symlink (SECURITY-162) |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-1807 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00128 |
| scoring_system |
epss |
| scoring_elements |
0.32209 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00128 |
| scoring_system |
epss |
| scoring_elements |
0.32344 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00128 |
| scoring_system |
epss |
| scoring_elements |
0.32381 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00128 |
| scoring_system |
epss |
| scoring_elements |
0.32206 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00128 |
| scoring_system |
epss |
| scoring_elements |
0.32255 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00128 |
| scoring_system |
epss |
| scoring_elements |
0.32284 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00128 |
| scoring_system |
epss |
| scoring_elements |
0.32285 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00128 |
| scoring_system |
epss |
| scoring_elements |
0.32247 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00128 |
| scoring_system |
epss |
| scoring_elements |
0.32216 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00128 |
| scoring_system |
epss |
| scoring_elements |
0.3225 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00128 |
| scoring_system |
epss |
| scoring_elements |
0.3223 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-1807 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-1807
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q7xy-2e9v-uka8 |
|
| 22 |
| url |
VCID-qpec-wa2s-23f3 |
| vulnerability_id |
VCID-qpec-wa2s-23f3 |
| summary |
Jenkins allows Bypass of Access Restrictions
Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5325 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00127 |
| scoring_system |
epss |
| scoring_elements |
0.32064 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.00127 |
| scoring_system |
epss |
| scoring_elements |
0.32103 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00127 |
| scoring_system |
epss |
| scoring_elements |
0.321 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00127 |
| scoring_system |
epss |
| scoring_elements |
0.3207 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00127 |
| scoring_system |
epss |
| scoring_elements |
0.32019 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00127 |
| scoring_system |
epss |
| scoring_elements |
0.3203 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.00127 |
| scoring_system |
epss |
| scoring_elements |
0.32157 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00127 |
| scoring_system |
epss |
| scoring_elements |
0.32196 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00127 |
| scoring_system |
epss |
| scoring_elements |
0.32043 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00127 |
| scoring_system |
epss |
| scoring_elements |
0.32067 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00127 |
| scoring_system |
epss |
| scoring_elements |
0.32033 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5325 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-5325, GHSA-x2q2-8pwq-fr5r
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qpec-wa2s-23f3 |
|
| 23 |
| url |
VCID-r79s-gp2g-13b7 |
| vulnerability_id |
VCID-r79s-gp2g-13b7 |
| summary |
Jenkins Denial of Service vulnerability
CVE-2014-3661 jenkins: denial of service (SECURITY-87) |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3661 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36511 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36536 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36543 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36508 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36485 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36528 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36422 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36595 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36628 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36465 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36516 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3661 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-3661, GHSA-r5m2-g5gc-q43r
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r79s-gp2g-13b7 |
|
| 24 |
| url |
VCID-tsy7-92cs-6uc1 |
| vulnerability_id |
VCID-tsy7-92cs-6uc1 |
| summary |
Jenkins discloses project names via fingerprints
The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request. |
| references |
| 0 |
| reference_url |
http://rhn.redhat.com/errata/RHSA-2016-0489.html |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:39:09Z/ |
|
|
| url |
http://rhn.redhat.com/errata/RHSA-2016-0489.html |
|
| 1 |
| reference_url |
https://access.redhat.com/errata/RHSA-2016:0070 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:39:09Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2016:0070 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5317 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.27392 |
| scoring_system |
epss |
| scoring_elements |
0.96403 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.27392 |
| scoring_system |
epss |
| scoring_elements |
0.96395 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.27392 |
| scoring_system |
epss |
| scoring_elements |
0.96421 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.27392 |
| scoring_system |
epss |
| scoring_elements |
0.96425 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.27392 |
| scoring_system |
epss |
| scoring_elements |
0.9638 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.27392 |
| scoring_system |
epss |
| scoring_elements |
0.96391 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.27392 |
| scoring_system |
epss |
| scoring_elements |
0.96414 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.27392 |
| scoring_system |
epss |
| scoring_elements |
0.96411 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.27392 |
| scoring_system |
epss |
| scoring_elements |
0.96406 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.27392 |
| scoring_system |
epss |
| scoring_elements |
0.96387 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5317 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2015-5317 |
| reference_id |
CVE-2015-5317 |
| reference_type |
|
| scores |
| 0 |
| value |
5.0 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:N/C:P/I:N/A:N |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 2 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2015-5317 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-5317, GHSA-8pqx-3rxx-f5pm
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tsy7-92cs-6uc1 |
|
| 25 |
| url |
VCID-u4qt-vmg8-tkez |
| vulnerability_id |
VCID-u4qt-vmg8-tkez |
| summary |
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3680 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00075 |
| scoring_system |
epss |
| scoring_elements |
0.22668 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00075 |
| scoring_system |
epss |
| scoring_elements |
0.22731 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00075 |
| scoring_system |
epss |
| scoring_elements |
0.22751 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00075 |
| scoring_system |
epss |
| scoring_elements |
0.22713 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00075 |
| scoring_system |
epss |
| scoring_elements |
0.22655 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00075 |
| scoring_system |
epss |
| scoring_elements |
0.22671 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.00075 |
| scoring_system |
epss |
| scoring_elements |
0.22596 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.00075 |
| scoring_system |
epss |
| scoring_elements |
0.22771 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00075 |
| scoring_system |
epss |
| scoring_elements |
0.22815 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00075 |
| scoring_system |
epss |
| scoring_elements |
0.22605 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.00075 |
| scoring_system |
epss |
| scoring_elements |
0.22681 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3680 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-3680, GHSA-8x8p-mfwv-9fjw
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u4qt-vmg8-tkez |
|
| 26 |
| url |
VCID-vcqm-2bae-w3e7 |
| vulnerability_id |
VCID-vcqm-2bae-w3e7 |
| summary |
Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI
XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5319 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00316 |
| scoring_system |
epss |
| scoring_elements |
0.54739 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.00316 |
| scoring_system |
epss |
| scoring_elements |
0.54754 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00316 |
| scoring_system |
epss |
| scoring_elements |
0.54742 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00316 |
| scoring_system |
epss |
| scoring_elements |
0.54747 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00316 |
| scoring_system |
epss |
| scoring_elements |
0.54694 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00316 |
| scoring_system |
epss |
| scoring_elements |
0.54631 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.00316 |
| scoring_system |
epss |
| scoring_elements |
0.54702 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00316 |
| scoring_system |
epss |
| scoring_elements |
0.54724 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00316 |
| scoring_system |
epss |
| scoring_elements |
0.54757 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00316 |
| scoring_system |
epss |
| scoring_elements |
0.54755 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00316 |
| scoring_system |
epss |
| scoring_elements |
0.54717 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5319 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-5319, GHSA-3j9c-cp7m-8w8g
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vcqm-2bae-w3e7 |
|
| 27 |
| url |
VCID-vznw-vuay-7bcg |
| vulnerability_id |
VCID-vznw-vuay-7bcg |
| summary |
Jenkins allows for Code Execution via Crafted Packet to the CLI
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3666 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01213 |
| scoring_system |
epss |
| scoring_elements |
0.79031 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.01213 |
| scoring_system |
epss |
| scoring_elements |
0.79003 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.01213 |
| scoring_system |
epss |
| scoring_elements |
0.79013 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.01213 |
| scoring_system |
epss |
| scoring_elements |
0.79029 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.01213 |
| scoring_system |
epss |
| scoring_elements |
0.78989 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.01213 |
| scoring_system |
epss |
| scoring_elements |
0.79028 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.01213 |
| scoring_system |
epss |
| scoring_elements |
0.78962 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.01213 |
| scoring_system |
epss |
| scoring_elements |
0.78974 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.01213 |
| scoring_system |
epss |
| scoring_elements |
0.79005 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.01213 |
| scoring_system |
epss |
| scoring_elements |
0.78956 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.01213 |
| scoring_system |
epss |
| scoring_elements |
0.78998 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3666 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-3666, GHSA-fvfh-8mj3-23xj
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vznw-vuay-7bcg |
|
| 28 |
| url |
VCID-w9zw-vvsw-3qbb |
| vulnerability_id |
VCID-w9zw-vvsw-3qbb |
| summary |
Jenkins allows Exposure of Sensitive Information to an Unauthorized Actor
Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5320 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43358 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.4333 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43267 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43319 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43334 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43354 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43323 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43308 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43369 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43245 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43301 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5320 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-5320, GHSA-449q-v4j2-5h8p
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w9zw-vvsw-3qbb |
|
| 29 |
| url |
VCID-wu44-bxb4-2uf1 |
| vulnerability_id |
VCID-wu44-bxb4-2uf1 |
| summary |
Jenkins allows Cross-Site Scripting (XSS)
Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1812. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-1813 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00215 |
| scoring_system |
epss |
| scoring_elements |
0.44054 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00215 |
| scoring_system |
epss |
| scoring_elements |
0.4398 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00215 |
| scoring_system |
epss |
| scoring_elements |
0.44029 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00215 |
| scoring_system |
epss |
| scoring_elements |
0.44052 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00215 |
| scoring_system |
epss |
| scoring_elements |
0.43982 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00215 |
| scoring_system |
epss |
| scoring_elements |
0.44033 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00215 |
| scoring_system |
epss |
| scoring_elements |
0.44035 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00215 |
| scoring_system |
epss |
| scoring_elements |
0.44051 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00215 |
| scoring_system |
epss |
| scoring_elements |
0.44018 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00215 |
| scoring_system |
epss |
| scoring_elements |
0.44002 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00215 |
| scoring_system |
epss |
| scoring_elements |
0.44064 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-1813 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-1813, GHSA-9h85-v6xf-h26q
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wu44-bxb4-2uf1 |
|
| 30 |
| url |
VCID-z2s1-ncs9-vfet |
| vulnerability_id |
VCID-z2s1-ncs9-vfet |
| summary |
Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-1810 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62804 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62707 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62738 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62703 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62754 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62771 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62789 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62779 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62756 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62796 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62649 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-1810 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-1810, GHSA-37wm-28rm-56vw
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z2s1-ncs9-vfet |
|
| 31 |
| url |
VCID-zfsk-m177-9qch |
| vulnerability_id |
VCID-zfsk-m177-9qch |
| summary |
Jenkins allows Unauthorized Viewing of Queue API Information
Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5324 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51686 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51837 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.5183 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51762 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51736 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51788 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51803 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51824 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51774 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51778 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51723 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5324 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-5324, GHSA-5xmf-9vgr-53mj
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zfsk-m177-9qch |
|
| 32 |
| url |
VCID-zz2q-h9gc-p7h4 |
| vulnerability_id |
VCID-zz2q-h9gc-p7h4 |
| summary |
Jenkins Vulnerable to Denial of Service (DoS)
Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-1808 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00175 |
| scoring_system |
epss |
| scoring_elements |
0.38983 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.00175 |
| scoring_system |
epss |
| scoring_elements |
0.38837 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00175 |
| scoring_system |
epss |
| scoring_elements |
0.3897 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00175 |
| scoring_system |
epss |
| scoring_elements |
0.3899 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00175 |
| scoring_system |
epss |
| scoring_elements |
0.3892 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00175 |
| scoring_system |
epss |
| scoring_elements |
0.38973 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00175 |
| scoring_system |
epss |
| scoring_elements |
0.38988 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00175 |
| scoring_system |
epss |
| scoring_elements |
0.39 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00175 |
| scoring_system |
epss |
| scoring_elements |
0.38963 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00175 |
| scoring_system |
epss |
| scoring_elements |
0.38935 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-1808 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-1808, GHSA-3rwx-3vwh-mwxc
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zz2q-h9gc-p7h4 |
|