10 matches found
PT-2026-31598
Name of the Vulnerable Software and Affected Versions Apache Airflow versions 3.0.0 through 3.1.8 Description The DagRun wait endpoint in Apache Airflow allows users with DAG Run read permissions, such as the Viewer role, to access XCom result values. This behavior contradicts the intended securi...
CVE-2026-31841 Raw exposure of database statements in Hyperterse MCP search tool
Hyperterse is a tool-first MCP framework for building AI-ready backend surfaces from declarative config. Prior to v2.2.0, the search tool allows LLMs to search for tools using natural language. While returning results, Hyperterse also returned the raw SQL queries, exposing statements which were...
CVE-2026-25876
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/results.routes.ts verify authentication but fails to enforce object-level authorization ownership checks. For example, this can be used to return all results for an assessment...
CVE-2019-15727
An issue was discovered in GitLab Community and Enterprise Edition 11.2 through 12.2.1. Insufficient permission checks were being applied when displaying CI results, potentially exposing some CI metrics data to unauthorized users...
WordPress plugin Membership Plugin – Restrict Content 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An information disclosure vulnerabili...
Mattermost 信息泄露漏洞
Mattermost is an open source collaboration platform from US-based Mattermost. Mattermost suffers from an information disclosure vulnerability that stems from failing to check settings when presenting the results of an API call, which can be exploited by an attacker to gain access to information...
SUSE CVE-2018-1044
In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings...
Mozilla: Same-origin policy violation could have leaked cross-origin URLs
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a same-origin policy violation that could have allowed the theft of cross-origin URL entries, leaking the result of a redirect via performance.getEntries...
PT-2022-22049 · Jenkins · Jenkins Junit Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins xUnit Plugin versions 3.0.8 and earlier Description: The issue allows attackers who can control agent processes to create an arbitrary directory on the Jenkins controller or to obtain test results from existing files in an...
UBUNTU-CVE-2018-1044
In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings...