7 matches found
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
Drupal core includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL...
CVE-2026-42523
Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting (XSS) vulnerability exploitable by non-anonymous attackers with...
EUVD-2021-25549
Malware in sbrugna...
grafana: CSRF vulnerability can lead to privilege escalation
A cross-site request forgery (CSRF) vulnerability was found in Grafana. This flaw allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, editors or admins). An attacker can exploit this vulnerability for...
CVE-2019-14997
The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information exposure through caching vulnerability when Jira is configured with a reverse proxy and/or a load balancer with caching or a CDN...
CVE-2019-14997
The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information exposure through caching vulnerability when Jira is configured with a reverse proxy and/or a load balancer with caching or a CDN...
PT-2017-18981 · Atlassian · Fisheye/Crucible
Name of the Vulnerable Software and Affected Versions: Atlassian Fisheye and Crucible versions prior to 4.4.1 Description: The issue allows anonymous remote attackers to access sensitive information, such as email addresses of committers, due to a lack of permission checks in the...