
19 matches found

EUVD
added 2026/04/20 6:31 p.m. | 0 views

EUVD-2026-23902

Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/{username}. The role field is accepted by the update model without a manage_users permission check for self-updates, enabling privileg...

9.9 CVSS | 5.8 AI score | 0.00049 EPSS
Exploits: 1 | References: 3
NVD
added 2026/04/20 5:16 p.m. | 1 views

CVE-2026-30269

Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/{username}. The role field is accepted by the update model without a manage_users permission check for self-updates, enabling privileg...

9.9 CVSS | 0.00049 EPSS
Exploits: 1 | References: 2
Vulnrichment
added 2026/04/20 12:00 a.m. | 0 views

CVE-2026-30269

Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/{username}. The role field is accepted by the update model without a manage_users permission check for self-updates, enabling privileg...

5.8 AI score | 0.00049 EPSS
Exploits: 1 | References: 2
Cvelist
added 2026/04/20 12:00 a.m. | 25 views

CVE-2026-30269

Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/{username}. The role field is accepted by the update model without a manage_users permission check for self-updates, enabling privileg...

0.00049 EPSS
Exploits: 1 | References: 2
CVE
added 2026/04/20 12:00 a.m. | 2 views

CVE-2026-30269

CVE-2026-30269 affects Doorman (v0.1.0 and v1.0.2). The issue is improper access control where an authenticated user can update their own account role to a non-admin privileged role via /platform/user/{username}. The update model accepts the role field without a manage_users permission check for ...

9.9 CVSS | 5.8 AI score | 0.00049 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
CNNVD
added 2026/04/20 12:00 a.m. | 2 views

doorman security vulnerability

Doorman is a configuration manager developed by Marcin Wielgoszewski. Versions 0.1.0 and 1.0.2 of Doorman contain security vulnerabilities. These vulnerabilities stem from improper access control, allowing any authenticated user to update their own account role to a non-administrator privilege ro...

9.9 CVSS | 5.8 AI score | 0.00049 EPSS
Exploits: 1 | References: 1
Positive Technologies
added 2026/04/20 12:00 a.m. | 2 views

PT-2026-33801

Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/{username}. The role field is accepted by the update model without a manage_users permission check for self-updates, enabling privile...

9.9 CVSS | 5.8 AI score | 0.00049 EPSS
Exploits: 1 | References: 4
ATTACKERKB
added 2026/04/20 12:00 a.m. | 1 views

CVE-2026-30269

Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/{username}. The role field is accepted by the update model without a manage_users permission check for self-updates, enabling privileg...

9.9 CVSS | 5.8 AI score | 0.00049 EPSS
Exploits: 1 | References: 3
RedhatCVE
added 2026/02/09 7:23 p.m. | 3 views

CVE-2026-2153

A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function is_safe_url of the file doorman/users/views.py. Executing a manipulation of the argument Next can lead to open redirect. The attack may be launched remotely. The exploit has been publicly disclosed a...

6.1 CVSS | 5.2 AI score | 0.00043 EPSS
Exploits: 1 | References: 1
NVD
added 2026/02/08 1:16 p.m. | 2 views

CVE-2026-2153

A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function is_safe_url of the file doorman/users/views.py. Executing a manipulation of the argument Next can lead to open redirect. The attack may be launched remotely. The exploit has been publicly disclosed a...

6.1 CVSS | 0.00043 EPSS
Exploits: 1 | References: 4
OSV
added 2026/02/08 1:16 p.m. | 2 views

CVE-2026-2153

A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function is_safe_url of the file doorman/users/views.py. Executing a manipulation of the argument Next can lead to open redirect. The attack may be launched remotely. The exploit has been publicly disclosed a...

6.1 CVSS | 5.5 AI score
Exploits: 0 | References: 4
Cvelist
added 2026/02/08 1:02 p.m. | 27 views

CVE-2026-2153 mwielgoszewski doorman views.py is_safe_url redirect

A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function is_safe_url of the file doorman/users/views.py. Executing a manipulation of the argument Next can lead to open redirect. The attack may be launched remotely. The exploit has been publicly disclosed a...

5.3 CVSS | 0.00043 EPSS
Exploits: 1 | References: 4
ATTACKERKB
added 2026/02/08 1:02 p.m. | 2 views

CVE-2026-2153

A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function is_safe_url of the file doorman/users/views.py. Executing a manipulation of the argument Next can lead to open redirect. The attack may be launched remotely. The exploit has been publicly disclosed a...

5.3 CVSS | 5 AI score | 0.00043 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
EUVD
added 2026/02/08 1:02 p.m. | 1 views

EUVD-2026-5796

A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function is_safe_url of the file doorman/users/views.py. Executing a manipulation of the argument Next can lead to open redirect. The attack may be launched remotely. The exploit has been publicly disclosed a...

5.3 CVSS | 4.9 AI score | 0.00043 EPSS
Exploits: 1 | References: 4
Vulnrichment
added 2026/02/08 1:02 p.m. | 1 views

CVE-2026-2153 mwielgoszewski doorman views.py is_safe_url redirect

A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function is_safe_url of the file doorman/users/views.py. Executing a manipulation of the argument Next can lead to open redirect. The attack may be launched remotely. The exploit has been publicly disclosed a...

5.3 CVSS | 5.2 AI score | 0.00043 EPSS
Exploits: 1 | References: 4
CVE
added 2026/02/08 1:02 p.m. | 9 views

CVE-2026-2153

The CVE-2026-2153 entry targets the mwielgoszewski doorman project (up to version 0.6) and affects the is_safe_url function in doorman/users/views.py. The issue arises from manipulating the Next argument, allowing an open redirect. Exploitation is possible remotely, and public disclosure of the e...

6.1 CVSS | 5 AI score | 0.00043 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
CNNVD
added 2026/02/08 12:00 a.m. | 2 views

doorman input validation error vulnerability

Doorman is a configuration manager developed by Marcin Wielgoszewski. Versions of Doorman prior to 0.6 contained a vulnerability related to input validation errors. This vulnerability stemmed from incorrect handling of the parameter “Next” in the file “doorman/users/views.py”, which could lead to...

6.1 CVSS | 5.8 AI score | 0.00043 EPSS
Exploits: 1 | References: 5
Positive Technologies
added 2026/02/08 12:00 a.m. | 4 views

PT-2026-6981

Name of the Vulnerable Software and Affected Versions: mwielgoszewski doorman versions prior to 0.7. Description: A flaw exists in the is_safe_url function within the doorman/users/views.py file. Manipulation of the Next argument can result in an open redirect. This issue can be exploited remotely...

6.1 CVSS | 5.7 AI score | 0.00043 EPSS
Exploits: 1 | References: 10
ThreatPost
added 2016/09/27 12:24 p.m. | 8 views

Facebook Debuts Open Source Detection Tool for Windows

Facebook successfully ported its SQL-powered detection tool, osquery, to Windows this week, giving users a free and open source method to monitor networks and diagnose problems. The framework, which converts operating systems to relational databases, allows users to write SQL-based queries to...

0.5 AI score
Exploits: 0 | References: 14