5 matches found
BlazeMeter Jenkins Plugin is Missing Authorization for Available Resources
A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow only users with certain permissions to see the list of available resources like credential IDs, bzm workspaces and bzm project IDs. Prior to this fix, anyone could see this list as a dropdown on the Jenkins UI...
CVE-2025-13472 Missing authorization in BlazeMeter Jenkins Plugin
A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow only users with certain permissions to see the list of available resources like credential IDs, bzm workspaces and bzm project IDs. Prior to this fix, anyone could see this list as a dropdown on the Jenkins UI...
CVE-2025-7104 Mass Assignment in danny-avila/librechat
A mass assignment vulnerability exists in danny-avila/librechat, affecting all versions. This vulnerability allows attackers to manipulate sensitive fields by automatically binding user-provided data to internal object properties or database fields without proper filtering. As a result, any extra...
CVE-2024-0590
The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the editclarityprojectid function. This makes it possible for unauthenticated attackers to change the project id and add...
PT-2021-4524 · Redmine · Redmine
Name of the Vulnerable Software and Affected Versions: Redmine versions prior to 4.0.8; Redmine versions 4.1.x prior to 4.1.2. Description: The issue in Redmine is related to the disclosure of project id in the issue journal. This could allow a remote attacker to access confidential data if...