21 matches found
CVE-2026-16119
CVE-2026-16119 affects nextlevelbuilder GoClaw up to 3.13.2, specifically the WebSocket Approval Endpoint’s internal/tools/exec_approval.go, function RequestApproval. A manipulation can cause incorrect authorization, and the attack can be carried out remotely. The exploit has been made public, wi...
CVE-2026-16119 nextlevelbuilder GoClaw WebSocket Approval Endpoint exec_approval.go RequestApproval authorization
A vulnerability was found in nextlevelbuilder GoClaw up to 3.13.2. This affects the function RequestApproval of the file internal/tools/execapproval.go of the component WebSocket Approval Endpoint. Performing a manipulation results in incorrect authorization. The attack is possible to be carried...
GHSA-5VVM-67PJ-72G4 Kargo has Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints
Summary Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the ability to manage promotion-related resources from the ability to trigger promotions,...
Kargo has Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints
Summary Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the ability to manage promotion-related resources from the ability to trigger promotions,...
CVE-2026-24039
Horilla is a free and open source Human Resource Management System HRMS. Version 1.4.0 has Improper Access Control, allowing low-privileged employees to self-approve documents they have uploaded. The document-approval UI is intended to be restricted to administrator or high-privilege roles only;...
EUVD-2018-0615
Malware in sbrugna...
CVE-2025-8969
A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/approveuser.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has be...
PT-2023-14304
Name of the Vulnerable Software and Affected Versions Apache Superset versions 1.5.2 and prior Apache Superset version 2.0.0 Description The issue concerns two legacy REST API endpoints for approval and request access that are vulnerable to cross-site request forgery. Recommendations For Apache...
spring-security-oauth: Privilege escalation by manipulating saved authorization request
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...
CVE-2018-15758
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...
Privilege Escalation
spring-security-oauth2 is vulnerable to privilege escalation. The library does not properly handle the AuthorizationRequest parameter state, allowing a malicious user to pass a request to an approval endpoint and modify a previous authorization request, leading to a privilege escalation...
Authorization
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...
CVE-2018-15758
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...
CVE-2018-15758 Privilege Escalation in spring-security-oauth2
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...
spring-security-oauth: remote code execution in the authorization process
Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lea...
Privilege Escalation in spring-security-oauth2
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...
CVE-2018-1260
Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lea...
Remote code execution
Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lea...
Spring Security OAuth Remote Command Execution Vulnerability (CNVD-2018-09368)
Spring is a lightweight Java development framework . Security OAuth provides a Spring Security authorization filter. A remote command execution vulnerability exists in Spring Security OAuth. A malicious user or attacker can make an authorization request to an authorization endpoint that results i...
Remote Code Execution (RCE)
spring-security-oauth2 is vulnerable to remote code execution RCE attacks. The vulnerability occurs when a malicious user can insert an RCE payload into an authorization request to the authroization endpoint, and is executed when the resource owner is forwarded to the approval endpoint. This...