4 matches found
CVE-2026-44301
Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the HttpUriPlugin component when HTTP redirects are followed without re-validating the allowed URIs. An attacker can cause unauthorized network requests to internal services and inclusion of untruste...
JetBrains TeamCity untrusted build sets up cross-site scripting vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A cross-site scripting vulnerability exists in...
PT-2022-19387 · Jenkins · Jenkins Pipeline: Shared Groovy Libraries Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Shared Groovy Libraries Plugin versions 564.ve62a 4eb b e039 and earlier, except version 2.21.3 Description: The issue allows attackers who can submit pull requests, but not commit directly to the configured SCM, to change t...