Nautobot: GitRepository.current_head field should not be writable through REST API
Impact: A user with access to add/change a GitRepository record could use the REST API to directly set the current_head field on the record, which was not intended to be user-editable. Doing so could cause Nautobot's local clones of the relevant repository to check out a commit other than the latest...
PT-2026-40720
Name of the Vulnerable Software and Affected Versions: Nautobot versions prior to 2.4.33; Nautobot versions prior to 3.1.2 Description: A user with permissions to add or modify a GitRepository record can use the REST API to directly set the current_head field, which is not intended to be...
PT-2025-5359 · Jenkins · Jenkins Folder-Based Authorization Strategy Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Folder-based Authorization Strategy Plugin versions 217.vd5b_18537403e and earlier Description: The issue potentially allows users who were formerly granted certain permissions to access functionality they are no longer entitled to,...
PT-2024-39560 · WordPress · Wp Booking Calendar
Name of the Vulnerable Software and Affected Versions: WP Booking Calendar plugin for WordPress versions up to, and including, 10.6 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows...
PT-2024-4729 · Webmin +1 · Webmin +1
Name of the Vulnerable Software and Affected Versions: Webmin versions prior to 2.003 Description: The issue is related to improper handling of insufficient permissions or privileges in the ajaxterm module of Webmin. This could allow an unauthorized user to hijack a console session, potentially...
PT-2024-19007 · Pimcore · Pimcore Ecommerce Framework Bundle
Name of the Vulnerable Software and Affected Versions: Pimcore Ecommerce Framework Bundle versions prior to 1.0.10 Description: The issue allows an authenticated and unauthorized user to access the back-office orders list and query over the information returned due to a lack of enforced access...
PT-2023-22402 · Twilight · Twilight
Name of the Vulnerable Software and Affected Versions: Twilight version 13.3 Description: The issue allows unauthorized apps to carry out privilege escalation attacks by manipulating the SharedPreference files. This can lead to unauthorized access and control. Recommendations: For Twilight version...
PT-2021-10137 · Unknown · Indexhibit
Name of the Vulnerable Software and Affected Versions: Indexhibit version 2.1.5 Description: An issue in the "/config/config.php" component allows attackers to arbitrarily view files. Recommendations: For Indexhibit version 2.1.5, consider restricting access to the "/config/config.php" component...