
13 matches found

Snyk
added 2026/05/18 11:47 a.m. | 4 views

Incorrect Authorization

Overview: github.com/mattermost/mattermost-plugin-playbooks/server/app is a package for reliable and repeatable processes using checklists, automation, and retrospectives. Affected versions of this package are vulnerable to Incorrect Authorization via the PUT API endpoint when updating playbooks. A...

CVSS 4.3 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 2
RedhatCVE
added 2026/01/09 9:19 a.m. | 2 views

CVE-2021-22253

Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions after the access has been removed...

CVSS 5.4 | AI score 6.8 | EPSS 0.0031
Exploits: 0 | References: 1
Veracode
added 2025/12/13 4:36 a.m. | 5 views

Improper Session Invalidation

org.keycloak, keycloak-services is vulnerable to Improper session invalidation. The vulnerability is due to offline sessions remaining valid even after the offlineaccess scope is removed from the client, which allows an attacker with an existing offline refresh token to continue requesting new...

CVSS 5.4 | AI score 6.6 | EPSS 0.00061
Exploits: 0 | References: 10 | Affected Software: 1
Github Security Blog
added 2025/10/24 3:6 p.m. | 6 views

Rancher user retains access to clusters despite Global Role removal

Impact: A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that: - Have a on in rule for resources - Hav...

CVSS 4.3 | AI score 6.7 | EPSS 0.0001
Exploits: 0 | References: 5 | Affected Software: 1
Snyk
added 2025/10/23 3:30 p.m. | 1 views

Insufficient Session Expiration

Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Insufficient Session Expiration due to the offline session of a user not being invalidated when the...

CVSS 5.4 | AI score 6.7 | EPSS 0.00061
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2020-23794

Malware in sbrugna...

CVSS 4.3 | AI score 4.8 | EPSS 0.00208
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2021-9399

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.5 | EPSS 0.0031
Exploits: 0 | References: 3
Tenable Nessus
added 2025/08/30 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-22253

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected...

CVSS 5.4 | AI score 5.6 | EPSS 0.0031
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/23 11:35 a.m. | 3 views

CVE-2025-23027

next-forge is a Next.js project boilerplate for modern web applications. The BASEHUBTOKEN is committed in apps/web/.env.example. Users should avoid use of this token and should remove any access it may have in their systems...

CVSS 6.3 | AI score 7 | EPSS 0.00121
Exploits: 0 | References: 1
RedhatCVE
added 2025/04/22 3:30 a.m. | 3 views

CVE-2025-32955

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Versions from 0.12.0 to before 2.12.0 are vulnerable to disable-sudo bypass. Harden-Runner includes a policy option disable-sudo to prevent the GitHub Actions runner user from using sudo. This is implemente...

CVSS 6 | AI score 6.1 | EPSS 0.00016
Exploits: 0 | References: 6
OSV
added 2021/08/23 8:15 p.m. | 1 views

UBUNTU-CVE-2021-22253

Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions after the access has been removed...

CVSS 5.4 | AI score 6 | EPSS 0.0031
Exploits: 0 | References: 5
UbuntuCve
added 2021/08/23 8:15 p.m. | 24 views

CVE-2021-22253

Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions after the access has been removed...

CVSS 5.4 | AI score 6 | EPSS 0.0031
Exploits: 0 | References: 4
CVE
added 2021/02/19 7:0 a.m. | 93 views

CVE-2020-36251

Summary (supported by provided documents): CVE-2020-36251 affects OwnCloud Server and concerns a permissions/access control issue in group shares. Specifically, as described in the CVE, an attacker who already has non-administrative access to a group share can remove everyone else’s access to tha...

CVSS 4.3 | AI score 4.5 | EPSS 0.00208
Exploits: 0 | References: 1 | Affected Software: 1