2 matches found
CVE-2026-57297
CVE-2026-57297 affects Jenkins via the Contrast Continuous Application Security Plugin (3.11 and earlier). The issue is a missing permission check that lets attackers with Overall/Read access cause a connection to an attacker‑specified URL using attacker‑provided credentials (username, API key, s...
CVE-2026-33708
Chamilo LMS exposes PII via the get_user_info_from_username REST endpoint before version 1.11.38. Any authenticated user (including students) can retrieve another user’s email, first name, last name, user ID, and active status due to missing authorization checks. This has been fixed in 1.11.38. R...