UBUNTU-CVE-2026-49299

In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags...

Jenkins < 2.176.4 LTS / 2.197 Multiple Vulnerabilities

The version of Jenkins running on the remote web server is prior to 2.197 or is a version of Jenkins LTS prior to 2.176.4. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability exists in the /whoAmI/ URL due to the exposed 'Cookie' HTTP Header. An...

PT-2019-11797 · Cloudbees +1 · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.196 and earlier Jenkins LTS versions 2.176.3 and earlier Description: The issue results from the failure to escape the SCM tag name on the tooltip for SCM tag actions, leading to a stored XSS vulnerability. This can be...

CVE-2018-8840

A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution...