Lucene search
K

225 matches found

EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42890

Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. The GetTaskAttachment endpoint performs permission checks against user-supplied task IDs but fetches...

9.8CVSS6.1AI score0.00351EPSS
Exploits0References2
CVE
CVE
added 4 days ago9 views

CVE-2026-56765

Summary (CVE-2026-56765): Vikunja prior to 2.2.1 contains two related authorization flaws. First, the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. Second, the GetTaskAttachment endpoint performs permission check...

9.8CVSS6.1AI score0.00351EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 4 days ago7 views

CVE-2026-7492

A flaw was found in GitLab. Under certain conditions, an unauthenticated user could determine the existence of a private project. This information disclosure is possible due to improper authorization controls on cross-project reference pages. This vulnerability allows an attacker to gain sensitiv...

5.3CVSS6AI score0.00254EPSS
Exploits0References6
NVD
NVD
added 4 days ago7 views

CVE-2026-44918

OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization...

5.5CVSS0.00426EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42777

OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization...

5.5CVSS5.9AI score0.00426EPSS
Exploits0References4
CVE
CVE
added 4 days ago9 views

CVE-2026-44918

OpenStack Ironic (up to 37.0.1) allows an authenticated project manager to create/modify nodes across projects without authorization, potentially misconfiguring which project owns a node and exposing secrets stored in volume connectors/targets. Red Hat notes a specific flaw where a manager can re...

5.5CVSS5.9AI score0.00426EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-44918

OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization...

5.5CVSS5.9AI score0.00426EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-44918

OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization...

5.5CVSS0.00426EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 5 days ago4 views

GitLab 9.1 < 18.11.7 / 19.0 < 19.0.4 / 19.1 < 19.1.2 (CVE-2026-7492)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an...

5.3CVSS6.2AI score0.00254EPSS
Exploits0References5
NVD
NVD
added 6 days ago6 views

CVE-2026-7492

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls...

5.3CVSS0.00254EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-7492 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls...

4.3CVSS0.00254EPSS
Exploits0References3
CVE
CVE
added 6 days ago67 views

CVE-2026-7492

GitLab CE/EE vulnerable in all versions before patch levels: 18.11.7 for 9.1–18.11.x, 19.0.4 for 19.0.x, and 19.1.2 for 19.1.x. The issue allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls on cross‑project reference pages. Impact...

5.3CVSS6AI score0.00254EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42406

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls...

4.3CVSS6AI score0.00254EPSS
Exploits0References3
NVD
NVD
added 6 days ago10 views

CVE-2026-59253

n8n before 2.28.0 contains an improper authorization vulnerability allowing authenticated users to assign workflows to folders in other projects. Attackers can bypass project and folder authorization boundaries by supplying crafted request payloads during workflow creation, causing logical...

5.3CVSS0.00166EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago9 views

EUVD-2026-42268

n8n before 2.28.0 contains an improper authorization vulnerability allowing authenticated users to assign workflows to folders in other projects. Attackers can bypass project and folder authorization boundaries by supplying crafted request payloads during workflow creation, causing logical...

5.3CVSS5.9AI score0.00166EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56616

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 9.1 through 18.11.6 GitLab CE/EE versions 19.0 through 19.0.3 GitLab CE/EE versions 19.1 through 19.1.1 Description Improper authorization controls on cross-project reference pages could allow an unauthenticated user to...

5.3CVSS6.1AI score0.00254EPSS
Exploits0References7
NVD
NVD
added 2026/06/26 8:17 p.m.7 views

CVE-2026-52779

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, a cross-project IDOR / authorization context confusion in the Calendar and Team Planner modules allows a user with management permissions in one project to delete public Calendar or Team Planner Queries...

5.4CVSS0.00185EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 8:17 p.m.8 views

CVE-2026-52782

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is an IDOR through /projects//settings/projectstorages/ via PATCH parameter "storagesprojectstorageprojectfolderid" leads to Access to Unauthorized Resources. A project-admin in one project can...

9.9CVSS0.00258EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 8:17 p.m.5 views

CVE-2026-44732

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, OpenProject exposes a document update endpoint used to modify existing documents. The target document is loaded with visibility checks and then updated. During update, attacker-controlled attributes are...

4.3CVSS0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 7:39 p.m.23 views

CVE-2026-44732 OpenProject: IDOR on OpenProject through /api/v3/documents/{id} via PATCH parameter "project_id" leads to Unauthorized Modification of Resources

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, OpenProject exposes a document update endpoint used to modify existing documents. The target document is loaded with visibility checks and then updated. During update, attacker-controlled attributes are...

4.3CVSS0.00201EPSS
Exploits0References1
Rows per page
Query Builder