4 matches found
PT-2026-52173
Name of the Vulnerable Software and Affected Versions Drupal Paragraphs versions 0.0.0 through 1.21.0 Description A missing authorization issue in the Paragraphs Library module allows forceful browsing. The module does not sufficiently restrict access to unpublished library items within lists. Th...
CVE-2026-53439
A flaw was found in Jenkins. Missing permission checks allow an attacker with Overall/Read permission to determine other users' configured timezone. This vulnerability also enables the attacker to enumerate the view names of other users' "My Views", leading to information disclosure. Mitigation...
postgresql: PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table
An access control bypass flaw has been discovered in PostgreSQL. The PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide...
GHSA-8PV9-QH96-9HC6 Jenkins does not perform a permission check in an HTTP endpoint
Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to access other users' "My Views". Attackers with global View/Configure and View/Delete permissions are also able to change other users' "...