16 matches found
PT-2026-36820
Name of the Vulnerable Software and Affected Versions: @clerk/clerk-js versions prior to 5.125.10; @clerk/clerk-js versions prior to 6.7.5; @clerk/shared (affected versions not specified); @clerk/nextjs (affected versions not specified); @clerk/backend (affected versions not specified). Description...
CVE-2023-24452
A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...
CVE-2022-22982
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to port 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service...
CVE-2022-25195
A missing permission check in Jenkins autonomiq Plugin 1.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2022-36912
A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
CVE-2020-2273
A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2019-10463
A missing permission check in Jenkins Dynatrace Application Monitoring Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2025-25245 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)
SAP BusinessObjects Business Intelligence Platform (Web Intelligence) contains a deprecated web application endpoint that is not properly secured. An attacker could take advantage of this by injecting a malicious URL in the data returned to the user. On successful exploitation, there could be a...
CVE-2024-37359
Hitachi Vantara Pentaho Business Analytics Server is affected by a server-side request forgery issue due to not validating the Host header of incoming HTTP/HTTPS requests. Affected versions include Pentaho Server prior to 10.2.0.0 and 9.3.0.9, including 8.3.x. The issue allows an attacker to prov...
RHEL 6 : openstack-swift (RHSA-2014:0367)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:0367 advisory. OpenStack Object Storage (swift) provides object storage in virtual containers, which allows users to store and retrieve files (arbitrary data). The...
CVE-2024-8586
The CVE-2024-8586 case relates to Uniong WebITR, where an Open Redirect vulnerability could allow an attacker to forge URLs and redirect users to a page of the attacker’s choosing, potentially aiding phishing. Several sources corroborate that WebITR is the affected software and describe input-val...
CVE-2023-50779
Missing permission checks in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified token...
CVE-2023-24453
A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...
CVE-2022-41965
Opencast prior to version 12.5 is affected by an authenticated open-redirect vulnerability in the Paella authentication page. An attacker could redirect authenticated users to arbitrary external URLs, potentially enabling phishing or other security issues. The issue is fixed in Opencast 12.5 and ...
Server-side request forgery (SSRF)
A server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and before 3.7.2. Functionality on the Tower server is abused by supplying a URL that could lead to the server processing it. This flaw leads to the connection to internal services or the exposure of...
Automatically opening IE + Executing attachments
GreyMagic Security Advisory GM002-IE. By GreyMagic Software, Israel. 22 Mar 2002. Available in HTML format at http://security.greymagic.com/adv/gm002-ie/ Topic: Automatically opening IE + Executing attachments. Discovery date: 15 Mar 2002. Important note:...