
16 matches found

NVD
added 3 days ago · 5 views

CVE-2026-57304

A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and password...

CVSS 5.4 · EPSS 0.00161
Exploits: 0 · References: 1
CVE
added 3 days ago · 9 views

CVE-2026-57304

CVE-2026-57304 affects the Jenkins Assembla Plugin (versions ≤ 1.4). The root cause is a missing permission check, allowing attackers who have Overall/Read permission to instruct the plugin to connect to an attacker-specified URL using attacker-specified credentials. The description in connected ...

CVSS 5.4 · AI score 5.8 · EPSS 0.00161
Exploits: 0 · References: 1 · Affected Software: 1
ATTACKERKB
added 2026/02/09 3:29 p.m. · 3 views

CVE-2026-24095

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 EOL allows users with the "Use WATO" permission to access the "Analyze configuration" page by directly navigating to its URL, bypassing the intended "Access analyze configuration" permissio...

CVSS 5.3 · AI score 5.6 · EPSS 0.0023
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2025/11/05 6:15 a.m. · 2 views

CVE-2025-21079

Improper input validation in Samsung Members prior to version 5.5.01.3 allows remote attackers to connect to an arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability...

CVSS 8.1 · AI score 5.9 · EPSS 0.00351
Exploits: 0 · References: 1
RedhatCVE
added 2025/10/30 2:13 p.m. · 5 views

CVE-2025-64142

A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

CVSS 4.3 · AI score 6.6 · EPSS 0.00227
Exploits: 0 · References: 1
RedhatCVE
added 2025/10/28 10:00 p.m. · 7 views

CVE-2025-62778

Frappe Learning is a learning management system. A security issue was identified in Frappe Learning 2.39.1 and earlier, where students were able to access the Quiz Form if they had the URL...

CVSS 5.3 · AI score 6.7 · EPSS 0.00197
Exploits: 0 · References: 1
OSV
added 2025/08/20 3:31 p.m. · 5 views

GHSA-5FX5-CFF6-F3FP Liferay Portal Unauthenticated File Access via URL

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows unauthenticated users (guests) to access via URL files...

CVSS 5.3 · AI score 6.6 · EPSS 0.00245
Exploits: 0 · References: 6
CNNVD
added 2024/05/14 12:00 a.m. · 3 views

Extreme Networks ExtremeXOS Security Vulnerability

Extreme Networks ExtremeXOS is a software or network operating system used in a network switch from Extreme Networks USA. A security vulnerability exists in Extreme Networks ExtremeXOS that stems from an inability to restrict URL access, which could allow an attacker to access sensitive informati...

CVSS 8 · AI score 6.5 · EPSS 0.00703
Exploits: 1 · References: 2
CNNVD
added 2023/08/24 12:00 a.m. · 2 views

Skylark Holdings Skylark App Security Vulnerability

Skylark Holdings Skylark App is a mobile application from Skylark Holdings, a Japanese company. A security vulnerability exists in the Skylark Holdings Skylark App that stems from a custom URL access feature that is not properly restricted...

CVSS 3.6 · AI score 4.9 · EPSS 0.00187
Exploits: 0 · References: 4
CNNVD
added 2023/07/12 12:00 a.m. · 4 views

Jenkins Plugin Benchmark Evaluator Cross-Site Request Forgery Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application, an open source automation server. Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 8.8 · AI score 8 · EPSS 0.00423
Exploits: 0 · References: 3
CNVD
added 2018/06/28 12:00 a.m. · 2 views

gaoxiaotingtingting directory traversal vulnerability

The Node.js module gaoxiaotingtingting is an HTTP server. A directory traversal vulnerability exists in gaoxiaotingtingting. An attacker can exploit this vulnerability by placing ". /" in a URL to access the file system...

CVSS 7.5 · AI score 7.5 · EPSS 0.02005
Exploits: 1 · References: 1
CNVD
added 2018/06/08 12:00 a.m. · 0 views

Desafio Directory Traversal Vulnerability

desafio is a web server. A directory traversal vulnerability exists in desafio. An attacker can exploit this vulnerability by placing "... /" in a URL to access the file system...

CVSS 5.3 · AI score 5.4 · EPSS 0.01704
Exploits: 1 · References: 1
CNVD
added 2018/02/26 12:00 a.m. · 3 views

Cisco Unified Communications Manager Information Disclosure Vulnerability (CNVD-2018-05178)

Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. An information disclosure...

CVSS 5.3 · AI score 6.2 · EPSS 0.01786
Exploits: 0 · References: 1
CNVD
added 2017/12/28 12:00 a.m. · 4 views

IBM Rational Collaborative Lifecycle Management Unspecified Vulnerability

IBM Rational Collaborative Lifecycle Management (CLM) is a suite of collaborative lifecycle management solutions from IBM in the United States. The solution combines three products, RTC, RQM, and RRC, in a single IBM SmartCloud Enterprise cloud environment image to provide requirements management,...

CVSS 4.3 · AI score 6.7 · EPSS 0.00739
Exploits: 0 · References: 1
OSV
added 2017/02/13 9:59 p.m. · 4 views

CVE-2017-5139

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password...

CVSS 9.8 · AI score 5.7 · EPSS 0.01744
Exploits: 0 · References: 2
Positive Technologies
added 1997/07/01 12:00 a.m. · 3 views

PT-1997-1156 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue is related to a guessable password for accessing a WWW URL. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

CVSS 7.5 · AI score 6.4 · EPSS 0.01516
Exploits: 0 · References: 2