Lucene search
K

4 matches found

Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52173

Name of the Vulnerable Software and Affected Versions Drupal Paragraphs versions 0.0.0 through 1.21.0 Description A missing authorization issue in the Paragraphs Library module allows forceful browsing. The module does not sufficiently restrict access to unpublished library items within lists. Th...

6.1AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/11 6:14 p.m.11 views

CVE-2026-53439

A flaw was found in Jenkins. Missing permission checks allow an attacker with Overall/Read permission to determine other users' configured timezone. This vulnerability also enables the attacker to enumerate the view names of other users' "My Views", leading to information disclosure. Mitigation...

4.3CVSS5.1AI score0.00234EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/09/04 2:50 p.m.7 views

postgresql: PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table

An access control bypass flaw has been discovered in PostgreSQL. The PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide...

3.1CVSS7AI score0.00205EPSS
Exploits0References5
OSV
OSV
added 2024/08/07 3:30 p.m.3 views

GHSA-8PV9-QH96-9HC6 Jenkins does not perform a permission check in an HTTP endpoint

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to access other users' "My Views". Attackers with global View/Configure and View/Delete permissions are also able to change other users' "...

5.4CVSS5.9AI score0.04263EPSS
Exploits0References6
Rows per page
Query Builder