| 0 |
| url |
VCID-619d-pxn6-fkce |
| vulnerability_id |
VCID-619d-pxn6-fkce |
| summary |
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7537 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60611 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60443 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60519 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60545 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60514 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60563 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60579 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.606 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60585 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60565 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60605 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7537 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2015-7537 |
| reference_id |
CVE-2015-7537 |
| reference_type |
|
| scores |
| 0 |
| value |
6.8 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:P/I:P/A:P |
|
| 1 |
| value |
8.8 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2015-7537 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-7537, GHSA-3vhr-f5xr-8vpx
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-619d-pxn6-fkce |
|
| 1 |
| url |
VCID-8g3u-4dyc-6fak |
| vulnerability_id |
VCID-8g3u-4dyc-6fak |
| summary |
Jenkins has Information Disclosure via Sidepanel Widget
The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5321 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.4333 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43358 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43369 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43245 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43301 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43308 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43323 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43354 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43334 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43319 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43267 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5321 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-5321, GHSA-4653-rmch-3g2g
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8g3u-4dyc-6fak |
|
| 2 |
| url |
VCID-8q9g-qfve-93ba |
| vulnerability_id |
VCID-8q9g-qfve-93ba |
| summary |
Jenkins does not Verify Checksums for Plugin Files
The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7539 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0104 |
| scoring_system |
epss |
| scoring_elements |
0.7747 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.0104 |
| scoring_system |
epss |
| scoring_elements |
0.77431 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.0104 |
| scoring_system |
epss |
| scoring_elements |
0.77434 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.0104 |
| scoring_system |
epss |
| scoring_elements |
0.77454 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.0104 |
| scoring_system |
epss |
| scoring_elements |
0.77429 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.0104 |
| scoring_system |
epss |
| scoring_elements |
0.77468 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.0104 |
| scoring_system |
epss |
| scoring_elements |
0.77389 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.0104 |
| scoring_system |
epss |
| scoring_elements |
0.77409 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.0104 |
| scoring_system |
epss |
| scoring_elements |
0.77383 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.0104 |
| scoring_system |
epss |
| scoring_elements |
0.77376 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.0104 |
| scoring_system |
epss |
| scoring_elements |
0.7742 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7539 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2015-7539 |
| reference_id |
CVE-2015-7539 |
| reference_type |
|
| scores |
| 0 |
| value |
7.6 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:H/Au:N/C:C/I:C/A:C |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2015-7539 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-7539, GHSA-x274-9m9r-fm5g
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8q9g-qfve-93ba |
|
| 3 |
| url |
VCID-ejrj-pum8-9qa3 |
| vulnerability_id |
VCID-ejrj-pum8-9qa3 |
| summary |
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5318 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18157 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18203 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18199 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18143 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.1806 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18147 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18304 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18358 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18061 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18048 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18106 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5318 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-5318, GHSA-3wmv-7php-rhg5
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
6.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ejrj-pum8-9qa3 |
|
| 4 |
| url |
VCID-gbeg-v39c-hfe5 |
| vulnerability_id |
VCID-gbeg-v39c-hfe5 |
| summary |
Jenkins allows Administrators to Access API Tokens
Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5323 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00201 |
| scoring_system |
epss |
| scoring_elements |
0.42166 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.00201 |
| scoring_system |
epss |
| scoring_elements |
0.42203 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00201 |
| scoring_system |
epss |
| scoring_elements |
0.4218 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00201 |
| scoring_system |
epss |
| scoring_elements |
0.42169 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00201 |
| scoring_system |
epss |
| scoring_elements |
0.42118 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00201 |
| scoring_system |
epss |
| scoring_elements |
0.42092 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.00201 |
| scoring_system |
epss |
| scoring_elements |
0.42151 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00201 |
| scoring_system |
epss |
| scoring_elements |
0.42178 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00201 |
| scoring_system |
epss |
| scoring_elements |
0.42165 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00201 |
| scoring_system |
epss |
| scoring_elements |
0.4219 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00201 |
| scoring_system |
epss |
| scoring_elements |
0.42139 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5323 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-5323, GHSA-x4m5-j4x4-4wjg
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gbeg-v39c-hfe5 |
|
| 5 |
| url |
VCID-hkx6-feah-ckgv |
| vulnerability_id |
VCID-hkx6-feah-ckgv |
| summary |
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7538 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00234 |
| scoring_system |
epss |
| scoring_elements |
0.46361 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00234 |
| scoring_system |
epss |
| scoring_elements |
0.4624 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00234 |
| scoring_system |
epss |
| scoring_elements |
0.46281 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00234 |
| scoring_system |
epss |
| scoring_elements |
0.463 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00234 |
| scoring_system |
epss |
| scoring_elements |
0.46247 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00234 |
| scoring_system |
epss |
| scoring_elements |
0.46302 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00234 |
| scoring_system |
epss |
| scoring_elements |
0.46326 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00234 |
| scoring_system |
epss |
| scoring_elements |
0.46298 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00234 |
| scoring_system |
epss |
| scoring_elements |
0.46307 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00234 |
| scoring_system |
epss |
| scoring_elements |
0.46364 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7538 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2015-7538 |
| reference_id |
CVE-2015-7538 |
| reference_type |
|
| scores |
| 0 |
| value |
6.8 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:P/I:P/A:P |
|
| 1 |
| value |
8.8 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2015-7538 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-7538, GHSA-w7qm-fprw-cqgq
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hkx6-feah-ckgv |
|
| 6 |
| url |
VCID-hw73-944y-ubdp |
| vulnerability_id |
VCID-hw73-944y-ubdp |
| summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7536 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00289 |
| scoring_system |
epss |
| scoring_elements |
0.52291 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00289 |
| scoring_system |
epss |
| scoring_elements |
0.52248 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00289 |
| scoring_system |
epss |
| scoring_elements |
0.52319 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00289 |
| scoring_system |
epss |
| scoring_elements |
0.52394 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.00289 |
| scoring_system |
epss |
| scoring_elements |
0.52389 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.00289 |
| scoring_system |
epss |
| scoring_elements |
0.5235 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00289 |
| scoring_system |
epss |
| scoring_elements |
0.52364 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00289 |
| scoring_system |
epss |
| scoring_elements |
0.5238 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00289 |
| scoring_system |
epss |
| scoring_elements |
0.5233 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00289 |
| scoring_system |
epss |
| scoring_elements |
0.52335 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.00289 |
| scoring_system |
epss |
| scoring_elements |
0.52282 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7536 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2015-7536 |
| reference_id |
CVE-2015-7536 |
| reference_type |
|
| scores |
| 0 |
| value |
3.5 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:S/C:N/I:P/A:N |
|
| 1 |
| value |
5.4 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
|
| 2 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2015-7536 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-7536, GHSA-x3p3-929j-pq66
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hw73-944y-ubdp |
|
| 7 |
| url |
VCID-jfpr-4eze-j3f1 |
| vulnerability_id |
VCID-jfpr-4eze-j3f1 |
| summary |
Jenkins allows Cross-Site Scripting (XSS)
Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5326 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0016 |
| scoring_system |
epss |
| scoring_elements |
0.36934 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.0016 |
| scoring_system |
epss |
| scoring_elements |
0.36969 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.0016 |
| scoring_system |
epss |
| scoring_elements |
0.3696 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.0016 |
| scoring_system |
epss |
| scoring_elements |
0.36948 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.0016 |
| scoring_system |
epss |
| scoring_elements |
0.36897 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0016 |
| scoring_system |
epss |
| scoring_elements |
0.36866 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.0016 |
| scoring_system |
epss |
| scoring_elements |
0.37035 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.0016 |
| scoring_system |
epss |
| scoring_elements |
0.37069 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.0016 |
| scoring_system |
epss |
| scoring_elements |
0.36938 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.0016 |
| scoring_system |
epss |
| scoring_elements |
0.36953 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.0016 |
| scoring_system |
epss |
| scoring_elements |
0.36909 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5326 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-5326, GHSA-5mwr-jg3r-jv66
|
| risk_score |
1.9 |
| exploitability |
0.5 |
| weighted_severity |
3.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jfpr-4eze-j3f1 |
|
| 8 |
| url |
VCID-n5z8-5v21-g7e9 |
| vulnerability_id |
VCID-n5z8-5v21-g7e9 |
| summary |
Jenkins has Local File Inclusion Vulnerability
Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5322 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38097 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38134 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38116 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38108 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38058 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.37984 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38164 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38187 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38099 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38119 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38073 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5322 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-5322, GHSA-89vc-7frq-2rfj
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n5z8-5v21-g7e9 |
|
| 9 |
| url |
VCID-qpec-wa2s-23f3 |
| vulnerability_id |
VCID-qpec-wa2s-23f3 |
| summary |
Jenkins allows Bypass of Access Restrictions
Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5325 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00127 |
| scoring_system |
epss |
| scoring_elements |
0.32064 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.00127 |
| scoring_system |
epss |
| scoring_elements |
0.32103 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00127 |
| scoring_system |
epss |
| scoring_elements |
0.321 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00127 |
| scoring_system |
epss |
| scoring_elements |
0.3207 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00127 |
| scoring_system |
epss |
| scoring_elements |
0.32019 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00127 |
| scoring_system |
epss |
| scoring_elements |
0.3203 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.00127 |
| scoring_system |
epss |
| scoring_elements |
0.32157 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00127 |
| scoring_system |
epss |
| scoring_elements |
0.32196 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00127 |
| scoring_system |
epss |
| scoring_elements |
0.32043 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00127 |
| scoring_system |
epss |
| scoring_elements |
0.32067 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00127 |
| scoring_system |
epss |
| scoring_elements |
0.32033 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5325 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-5325, GHSA-x2q2-8pwq-fr5r
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qpec-wa2s-23f3 |
|
| 10 |
| url |
VCID-tsy7-92cs-6uc1 |
| vulnerability_id |
VCID-tsy7-92cs-6uc1 |
| summary |
Jenkins discloses project names via fingerprints
The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request. |
| references |
| 0 |
| reference_url |
http://rhn.redhat.com/errata/RHSA-2016-0489.html |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:39:09Z/ |
|
|
| url |
http://rhn.redhat.com/errata/RHSA-2016-0489.html |
|
| 1 |
| reference_url |
https://access.redhat.com/errata/RHSA-2016:0070 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:39:09Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2016:0070 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5317 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.27392 |
| scoring_system |
epss |
| scoring_elements |
0.96403 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.27392 |
| scoring_system |
epss |
| scoring_elements |
0.96395 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.27392 |
| scoring_system |
epss |
| scoring_elements |
0.96421 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.27392 |
| scoring_system |
epss |
| scoring_elements |
0.96425 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.27392 |
| scoring_system |
epss |
| scoring_elements |
0.9638 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.27392 |
| scoring_system |
epss |
| scoring_elements |
0.96391 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.27392 |
| scoring_system |
epss |
| scoring_elements |
0.96414 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.27392 |
| scoring_system |
epss |
| scoring_elements |
0.96411 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.27392 |
| scoring_system |
epss |
| scoring_elements |
0.96406 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.27392 |
| scoring_system |
epss |
| scoring_elements |
0.96387 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5317 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2015-5317 |
| reference_id |
CVE-2015-5317 |
| reference_type |
|
| scores |
| 0 |
| value |
5.0 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:N/C:P/I:N/A:N |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 2 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2015-5317 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-5317, GHSA-8pqx-3rxx-f5pm
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tsy7-92cs-6uc1 |
|
| 11 |
| url |
VCID-vcqm-2bae-w3e7 |
| vulnerability_id |
VCID-vcqm-2bae-w3e7 |
| summary |
Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI
XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5319 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00316 |
| scoring_system |
epss |
| scoring_elements |
0.54739 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.00316 |
| scoring_system |
epss |
| scoring_elements |
0.54754 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00316 |
| scoring_system |
epss |
| scoring_elements |
0.54742 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00316 |
| scoring_system |
epss |
| scoring_elements |
0.54747 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00316 |
| scoring_system |
epss |
| scoring_elements |
0.54694 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00316 |
| scoring_system |
epss |
| scoring_elements |
0.54631 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.00316 |
| scoring_system |
epss |
| scoring_elements |
0.54702 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00316 |
| scoring_system |
epss |
| scoring_elements |
0.54724 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00316 |
| scoring_system |
epss |
| scoring_elements |
0.54757 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00316 |
| scoring_system |
epss |
| scoring_elements |
0.54755 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00316 |
| scoring_system |
epss |
| scoring_elements |
0.54717 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5319 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-5319, GHSA-3j9c-cp7m-8w8g
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vcqm-2bae-w3e7 |
|
| 12 |
| url |
VCID-w9zw-vvsw-3qbb |
| vulnerability_id |
VCID-w9zw-vvsw-3qbb |
| summary |
Jenkins allows Exposure of Sensitive Information to an Unauthorized Actor
Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5320 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43358 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.4333 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43267 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43319 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43334 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43354 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43323 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43308 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43369 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43245 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43301 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5320 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-5320, GHSA-449q-v4j2-5h8p
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w9zw-vvsw-3qbb |
|
| 13 |
| url |
VCID-zfsk-m177-9qch |
| vulnerability_id |
VCID-zfsk-m177-9qch |
| summary |
Jenkins allows Unauthorized Viewing of Queue API Information
Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5324 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51686 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51837 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.5183 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51762 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51736 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51788 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51803 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51824 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51774 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51778 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51723 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5324 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-5324, GHSA-5xmf-9vgr-53mj
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zfsk-m177-9qch |
|