CVE-2025-71310
The GDPR cookies module for Backdrop CMS before 1.x-1.3.5 doesn't sufficiently protect visitors from Cross Site Scripting (XSS) if a malicious value has been provided for the optional 'Info content' field for the YouTube service. This is mitigated by the fact that an attacker must have a role with...
EUVD-2025-34697
A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the...
PT-2025-39160
Name of the Vulnerable Software and Affected Versions: librechat versions prior to the fix. Description: An authorization bypass exists due to incorrect access control checks. The checkAccess function within api/server/middleware/roles/access.js utilizes permissions.some for permission validation,...
COOKiES Consent Management - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-092
This module allows you to manage video media items using the COOKiES module disabling external video elements. These elements will be enabled again, once the COOKiES banner is accepted. The module doesn't sufficiently check whether to convert "data-src" attributes to "src" when their value might...
DRUPAL-CONTRIB-2025-075
This module provides a format filter, which allows you to "disable" certain HTML elements e.g. remove their src attribute specified by the user. These elements will be enabled again, once the COOKiES banner is accepted. The module doesn't sufficiently check whether to convert "data-src" attribute...
Important: Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.5.1 release
Red Hat OpenShift distributed tracing platform Tempo 3.5.1 has been released. This release of Red Hat OpenShift distributed tracing provides the following security improvements, bug fixes, and new features. The Red Hat OpenShift distributed tracing Tempo 3.5.1 is based on the open source...
GHSA-FPG6-XQJ4-J7WF Jenkins Jira Plugin Incorrect Authorization vulnerability
An improper authorization vulnerability exists in Jenkins Jira Plugin 3.0.1 and earlier in JiraSite.java that allows attackers with Overall/Read access to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...
jenkins-2-plugins/matrix-auth: Stored XSS vulnerability in Matrix Authorization Strategy Plugin
A flaw was found in the Matrix Authorization Strategy Plugin version 2.6.1 and prior. User names are not escaped in the permission table, which could lead to a stored cross-site scripting (XSS) vulnerability. The user must have the Agent/Configure, Job/Configure, or Overall/Administer permissions fo...
jenkins: Stored XSS vulnerability in console links
A flaw was found in Jenkins versions 2.244 and prior and in LTS 2.235.1 and prior. The HREF attribute of links to downstream jobs is not escaped on build console pages, which could lead to a stored cross-site scripting (XSS) vulnerability. The user must have the Agent/Configure permission for this...
Troubleshooting Guest Processing Issues | "Test Now" or "Verify network connectivity and credentials"
Article Applicability: This article's primary focus is on traditional credentials-based authentication. For environments using a Group Managed Service Account (gMSA), please review the User Guide first to ensure you are familiar with all the Requirements and Limitations of gMSA usage. Challenge: Skip...
CVE-2019-3398
Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and/or blogs, or to create a new space or a personal space, or who has 'Admin' permissions for a space, can exploit this pat...