Lucene search
K

76 matches found

CVE
CVE
added 3 hours ago4 views

CVE-2026-56765

Summary (CVE-2026-56765): Vikunja prior to 2.2.1 contains two related authorization flaws. First, the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. Second, the GetTaskAttachment endpoint performs permission check...

9.8CVSS6.1AI score
Exploits0References2
NVD
NVD
added 13 hours ago4 views

CVE-2026-44918

OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization...

5.5CVSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 17 hours ago4 views

CVE-2026-44918

OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization...

5.5CVSS5.9AI score
Exploits0References5Affected Software1
NVD
NVD
added 2 days ago9 views

CVE-2026-59253

n8n before 2.28.0 contains an improper authorization vulnerability allowing authenticated users to assign workflows to folders in other projects. Attackers can bypass project and folder authorization boundaries by supplying crafted request payloads during workflow creation, causing logical...

5.3CVSS0.00166EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-42268

n8n before 2.28.0 contains an improper authorization vulnerability allowing authenticated users to assign workflows to folders in other projects. Attackers can bypass project and folder authorization boundaries by supplying crafted request payloads during workflow creation, causing logical...

5.3CVSS5.9AI score0.00166EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 8:17 p.m.8 views

CVE-2026-52782

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is an IDOR through /projects//settings/projectstorages/ via PATCH parameter "storagesprojectstorageprojectfolderid" leads to Access to Unauthorized Resources. A project-admin in one project can...

9.9CVSS0.00258EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 8:17 p.m.5 views

CVE-2026-44732

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, OpenProject exposes a document update endpoint used to modify existing documents. The target document is loaded with visibility checks and then updated. During update, attacker-controlled attributes are...

4.3CVSS0.00201EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52913

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.3 OpenProject versions prior to 17.4.1 Description An Insecure Direct Object Reference IDOR exists in the project storage settings. A project administrator can gain unauthorized access to the managed Nextclou...

9.9CVSS5.8AI score0.00258EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.19 views

PT-2026-48927

A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The get versioned path method in kedro/io/core.py directly interpolates user-supplied version strings into filesystem paths without sanitization. This enables an attacker to...

7.1CVSS7.1AI score0.00186EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/05 9:44 p.m.12 views

EUVD-2026-31860

Bugsink: Project scoping missing in sourcemap and debug-file lookup...

4.3CVSS5.4AI score0.00178EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/05 9:44 p.m.8 views

Missing Authorization

Overview bugsink is a Self-hosted Error Tracking Affected versions of this package are vulnerable to Missing Authorization in the lookup process for sourcemaps and debug files, which was not properly scoped to the owning project. An attacker can access source context or symbolication-derived...

5.3CVSS5.4AI score0.00178EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/05 9:43 p.m.13 views

EUVD-2026-31862

Bugsink: Issue bulk actions can affect another project’s issue if its UUID is known...

3.1CVSS5.4AI score0.00147EPSS
Exploits0References3
OSV
OSV
added 2026/06/05 9:43 p.m.6 views

GHSA-G5VC-Q7QC-V939 Bugsink: Issue bulk actions can affect another project’s issue if its UUID is known

Description Bugsink’s issue list supports bulk actions such as resolving or muting selected issues. In affected versions, the issue list view authorizes access through the project in the URL, but applies the requested bulk action to the submitted issue IDs without also requiring those issues to...

3.1CVSS5.4AI score0.00147EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/05 9:43 p.m.12 views

EUVD-2026-31861

Bugsink: Issue event views can show an event from another project if its UUID is known...

3.1CVSS5.4AI score0.00154EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.9 views

CVE-2026-40896

OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with manageagendas permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No knowledge of the target...

7.1CVSS5.6AI score0.00174EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.10 views

CVE-2026-40904

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged project members at the team level instead of binding the...

8.1CVSS5.4AI score0.00235EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/28 2:15 p.m.13 views

CVE-2026-47715

Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink issue event pages accept a direct event identifier from the URL and, in affected versions, look up that event without also requiring it to belong to the issue in the URL. This is a project-boundary authorization issue: a...

3.1CVSS5.8AI score0.00154EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 5:16 p.m.20 views

CVE-2026-47716

Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, In affected versions, the issue list view authorizes access through the project in the URL, but applies the requested bulk action to the submitted issue IDs without also requiring those issues to belong to that project. This...

3.1CVSS0.00147EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/26 4:22 p.m.38 views

CVE-2026-47715 Bugsink: Issue event views can show an event from another project if its UUID is known

Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink issue event pages accept a direct event identifier from the URL and, in affected versions, look up that event without also requiring it to belong to the issue in the URL. This is a project-boundary authorization issue: a...

3.1CVSS0.00154EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/26 4:16 p.m.9 views

CVE-2026-47728 Bugsink: Project scoping missing in sourcemap and debug-file lookup

Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink resolved sourcemaps and debug files by debug ID without scoping that lookup to the project that owned the uploaded metadata. An authenticated user with access to one project could cause event processing in that project to use...

4.3CVSS5.8AI score0.00178EPSS
Exploits0References2
Rows per page
Query Builder