Lucene search
K

103 matches found

Veracode
Veracode
added 2026/06/19 11:22 a.m.8 views

Information Disclosure

Keycloak is vulnerable to Information Disclosure. The vulnerability is due to insufficient enforcement of user profile permissions in the group members endpoint, allowing an administrator with delegated access to read group memberships and users to view user attributes that are explicitly...

2.7CVSS5.8AI score0.00348EPSS
Exploits0References7Affected Software2
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.11 views

CVE-2026-41128

Craft CMS is a content management system CMS. In versions 5.6.0 through 5.9.14, the actionSavePermissions endpoint allows a user with only viewUsers permission to remove arbitrary users from all user groups. While saveUserGroups enforces per-group authorization for additions, it performs no...

5.3CVSS5.5AI score0.00248EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/05 7:52 a.m.9 views

CVE-2026-9088 Keycloak: keycloak: information disclosure due to user profile permission bypass

A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied,...

2.7CVSS5.4AI score0.00348EPSS
Exploits0References6
NCSC
NCSC
added 2026/05/15 9:27 a.m.68 views

Vulnerabilities are handled in GitLab through GitLab Inc.

GitLab Inc. has addressed several vulnerabilities in GitLab Community Edition CE and Enterprise Edition EE in various versions, particularly in releases from version 8.3 to 18.11.3. These vulnerabilities concern various components and functions within GitLab, including Jira integration, container...

8.7CVSS5.8AI score0.00355EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.15 views

PT-2026-38301

Name of the Vulnerable Software and Affected Versions Lemur versions prior to 1.9.0 Description When LDAP TLS is enabled via the LDAP USE TLS variable, the LDAP authentication module in the bind function unconditionally disables TLS certificate verification at the global ldap module level. This...

6.8CVSS5.9AI score0.00094EPSS
Exploits0References6
NVD
NVD
added 2026/04/22 12:16 a.m.5 views

CVE-2026-41128

Craft CMS is a content management system CMS. In versions 5.6.0 through 5.9.14, the actionSavePermissions endpoint allows a user with only viewUsers permission to remove arbitrary users from all user groups. While saveUserGroups enforces per-group authorization for additions, it performs no...

5.3CVSS0.00248EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/21 11:32 p.m.2 views

CVE-2026-41128

Craft CMS is a content management system CMS. In versions 5.6.0 through 5.9.14, the actionSavePermissions endpoint allows a user with only viewUsers permission to remove arbitrary users from all user groups. While saveUserGroups enforces per-group authorization for additions, it performs no...

5.3CVSS5.9AI score0.00248EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/21 11:32 p.m.8 views

EUVD-2026-24567

Craft CMS is a content management system CMS. In versions 5.6.0 through 5.9.14, the actionSavePermissions endpoint allows a user with only viewUsers permission to remove arbitrary users from all user groups. While saveUserGroups enforces per-group authorization for additions, it performs no...

5.3CVSS5.9AI score0.00248EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:34 p.m.7 views

Missing Authorization

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Missing Authorization via the actionSavePermissions process. An attacker can remove all group memberships from arbitrary users by submitting an empty groups parameter, resulting in immediate...

5.3CVSS5.9AI score0.00248EPSS
Exploits0References2
OSV
OSV
added 2026/03/11 2:54 p.m.5 views

GHSA-RHCG-3H8R-V6VP Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks

Description A privilege escalation vulnerability has been identified in Umbraco CMS. Under certain conditions, authenticated backoffice users with permission to manage users, may be able to elevate their privileges due to insufficient authorization enforcement when modifying user group membership...

7.2CVSS5.7AI score0.00257EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/10 9:53 p.m.2 views

CVE-2026-31834

Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, A privilege escalation vulnerability has been identified in Umbraco CMS. Under certain conditions, authenticated backoffice users with permission to manage users, may be able to elevate their privileges due to insufficient...

7.2CVSS5.7AI score0.00257EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/01/19 5:52 p.m.18 views

CVE-2026-23721 OpenProject users with "View Members" permission in any project can view all Group memberships

OpenProject is an open-source, web-based project management software. When using groups in OpenProject to manage users, the group members should only be visible to users that have the View Members permission in any project that the group is also a member of. Prior to versions 17.0.1 and 16.6.5, d...

4.3CVSS0.00176EPSS
Exploits0References1
OSV
OSV
added 2026/01/19 5:52 p.m.6 views

CVE-2026-23721 OpenProject users with "View Members" permission in any project can view all Group memberships

OpenProject is an open-source, web-based project management software. When using groups in OpenProject to manage users, the group members should only be visible to users that have the View Members permission in any project that the group is also a member of. Prior to versions 17.0.1 and 16.6.5, d...

4.3CVSS5.5AI score0.00176EPSS
Exploits0References3
CVE
CVE
added 2026/01/19 5:52 p.m.20 views

CVE-2026-23721

OpenProject suffers a permission-check flaw: if a user has the View Members permission in any project, they could enumerate all groups and see which users are in each group. This affects OpenProject versions prior to 17.0.1 and 16.6.5. The issue has been fixed in OpenProject 17.0.1 and 16.6.5. No...

4.3CVSS5.5AI score0.00176EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/19 12:0 a.m.7 views

PT-2026-3474

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.0.1 OpenProject versions prior to 16.6.5 Description OpenProject is a web-based project management software. A permission check failure in earlier versions allowed users with the 'View Members' permission in an...

4.3CVSS5.4AI score0.00176EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/10/26 12:0 a.m.8 views

GitLab 11.7 < 18.3.5 / 18.4 < 18.4.3 / 18.5 < 18.5.1 (CVE-2025-11974)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Gitlab reports: Improper access control issue in runner API impacts GitLab EE Denial of service issue in event collection impacts GitLab CE/EE Denial of service issue in JSON validation impacts GitLab...

6.5CVSS5.5AI score0.00351EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/10/26 12:0 a.m.6 views

GitLab 11.0 < 18.3.5 / 18.4 < 18.4.3 / 18.5 < 18.5.1 (CVE-2025-11447)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Gitlab reports: Improper access control issue in runner API impacts GitLab EE Denial of service issue in event collection impacts GitLab CE/EE Denial of service issue in JSON validation impacts GitLab...

7.5CVSS8.6AI score0.00773EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/10/26 12:0 a.m.7 views

GitLab 18.4 < 18.4.3 / 18.5 < 18.5.1 (CVE-2025-6601)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Gitlab reports: Improper access control issue in runner API impacts GitLab EE Denial of service issue in event collection impacts GitLab CE/EE Denial of service issue in JSON validation impacts GitLab...

6.5CVSS5.5AI score0.00292EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/10/23 12:0 a.m.3 views

FreeBSD : Gitlab -- vulnerabilities (f741ea93-af61-11f0-98b5-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the f741ea93-af61-11f0-98b5-2cf05da270f3 advisory. Gitlab reports: Improper access control issue in runner API impacts GitLab EE Denial of servic...

8.8CVSS8.6AI score0.00773EPSS
Exploits0References9
FreeBSD
FreeBSD
added 2025/10/22 12:0 a.m.7 views

Gitlab -- vulnerabilities

Gitlab reports: Improper access control issue in runner API impacts GitLab EE Denial of service issue in event collection impacts GitLab CE/EE Denial of service issue in JSON validation impacts GitLab CE/EE Denial of service issue in upload impacts GitLab CE/EE Incorrect Authorization issue in...

8.8CVSS7.1AI score0.00773EPSS
Exploits0References1
Rows per page
Query Builder