Lucene search
+L

193 matches found

nuclei
nuclei
added yesterday17 views

OneDev < 4.0.3 - User Access Token Leak

OneDev before version 4.0.3 contains an insecure endpoint that allows retrieval of arbitrary user details, including access tokens, due to missing security checks on /users/id, letting attackers leak sensitive data and impersonate users, exploit requires no special conditions. id: CVE-2021-21246...

8.6CVSS7AI score0.49051EPSS
Exploits0References4
nvd
nvd
added 2026/06/18 9:16 p.m.15 views

CVE-2026-49248

OneDev is a Git server with CI/CD, kanban, and packages. In versions 15.0.6 and below, TarUtils.untar creates symbolic links verbatim from TAR entry getLinkName without validating whether the target is an absolute path. A subsequent file entry in the same archive traverses the symlink, writing to...

8.3CVSS0.00382EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/18 7:54 p.m.9 views

CVE-2026-49248

OneDev is a Git server with CI/CD, kanban, and packages. In versions 15.0.6 and below, TarUtils.untar creates symbolic links verbatim from TAR entry getLinkName without validating whether the target is an absolute path. A subsequent file entry in the same archive traverses the symlink, writing to...

8.3CVSS5.5AI score0.00382EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2026/06/18 7:54 p.m.20 views

CVE-2026-49248 OneDev: RCE through absolute-path symlink following allows low-privileged users to overwrite arbitrary server via TarUtils.untar

OneDev is a Git server with CI/CD, kanban, and packages. In versions 15.0.6 and below, TarUtils.untar creates symbolic links verbatim from TAR entry getLinkName without validating whether the target is an absolute path. A subsequent file entry in the same archive traverses the symlink, writing to...

8.3CVSS0.00382EPSS
Exploits0References2
cve
cve
added 2026/06/18 7:54 p.m.28 views

CVE-2026-49248

OneDev CVE-2026-49248 affects versions 15.0.6 and earlier. TarUtils.untar() creates symbolic links using entry getLinkName() without validating absolute path targets; a following file entry can traverse the symlink and write to arbitrary server-side locations. This enables RCE-like behavior for a...

8.3CVSS5.4AI score0.00382EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/08 2:58 a.m.12 views

CVE-2026-11441

A vulnerability was identified in theonedev onedev up to 15.0.5. This vulnerability affects the function canAccessIssue of the file /issues/ of the component Pull Request Handler. Such manipulation of the argument issue leads to improper authorization. It is possible to launch the attack remotely...

6.5CVSS6.3AI score0.00214EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/08 2:58 a.m.13 views

CVE-2026-11440

A vulnerability was determined in theonedev onedev up to 15.0.5. This affects an unknown part of the file /repositories/projectId/default-branch of the component REST API. This manipulation of the argument project.defaultBranch causes improper authorization. It is possible to initiate the attack...

6.5CVSS6.3AI score0.00214EPSS
Exploits0References1
nvd
nvd
added 2026/06/06 6:16 p.m.13 views

CVE-2026-11440

A vulnerability was determined in theonedev onedev up to 15.0.5. This affects an unknown part of the file /repositories/projectId/default-branch of the component REST API. This manipulation of the argument project.defaultBranch causes improper authorization. It is possible to initiate the attack...

6.5CVSS0.00214EPSS
Exploits0References6
nvd
nvd
added 2026/06/06 6:16 p.m.12 views

CVE-2026-11441

A vulnerability was identified in theonedev onedev up to 15.0.5. This vulnerability affects the function canAccessIssue of the file /issues/ of the component Pull Request Handler. Such manipulation of the argument issue leads to improper authorization. It is possible to launch the attack remotely...

6.5CVSS0.00214EPSS
Exploits0References6
nvd
nvd
added 2026/06/06 6:16 p.m.18 views

CVE-2026-11439

A vulnerability was found in theonedev onedev up to 15.0.5. Affected by this issue is some unknown functionality of the file /projects/ of the component Parent Project Handler. The manipulation of the argument project.parentId results in improper authorization. The attack may be performed from...

6.5CVSS0.00214EPSS
Exploits0References6
euvd
euvd
added 2026/06/06 5:45 p.m.12 views

EUVD-2026-34976

A vulnerability was identified in theonedev onedev up to 15.0.5. This vulnerability affects the function canAccessIssue of the file /issues/ of the component Pull Request Handler. Such manipulation of the argument issue leads to improper authorization. It is possible to launch the attack remotely...

6.5CVSS5.2AI score0.00214EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/06/06 5:30 p.m.9 views

CVE-2026-11440

A vulnerability was determined in theonedev onedev up to 15.0.5. This affects an unknown part of the file /repositories/projectId/default-branch of the component REST API. This manipulation of the argument project.defaultBranch causes improper authorization. It is possible to initiate the attack...

6.5CVSS5.2AI score0.00214EPSS
Exploits0References7Affected Software1
euvd
euvd
added 2026/06/06 5:30 p.m.10 views

EUVD-2026-34975

A vulnerability was determined in theonedev onedev up to 15.0.5. This affects an unknown part of the file /repositories/projectId/default-branch of the component REST API. This manipulation of the argument project.defaultBranch causes improper authorization. It is possible to initiate the attack...

6.5CVSS5.2AI score0.00214EPSS
Exploits0References6
euvd
euvd
added 2026/06/06 5:15 p.m.12 views

EUVD-2026-34974

A vulnerability was found in theonedev onedev up to 15.0.5. Affected by this issue is some unknown functionality of the file /projects/ of the component Parent Project Handler. The manipulation of the argument project.parentId results in improper authorization. The attack may be performed from...

6.5CVSS5AI score0.00214EPSS
Exploits0References6
cve
cve
added 2026/06/06 5:15 p.m.26 views

CVE-2026-11439

The vulnerability CVE-2026-11439 affects Theonedev Onedev up to version 15.0.5 in the Parent Project Handler, specifically the /projects/ function where manipulating the argument project.parentId leads to improper authorization. The attack may be executed remotely. A fix is available in version 1...

6.5CVSS6.1AI score0.00214EPSS
Exploits0References6
euvd
euvd
added 2026/06/06 5:0 p.m.12 views

EUVD-2026-34973

A vulnerability has been found in theonedev onedev up to 15.0.5. Affected by this vulnerability is an unknown functionality of the file /projects. The manipulation of the argument project.forkedFromId leads to improper authorization. The attack is possible to be carried out remotely. Upgrading to...

6.5CVSS5.1AI score0.00214EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/06 12:0 a.m.15 views

PT-2026-47164

Name of the Vulnerable Software and Affected Versions onedev versions prior to 15.0.6 Description Improper authorization exists in the REST API component. A remote attacker can manipulate the project.defaultBranch argument within the '/repositories/projectId/default-branch' endpoint to bypass...

6.5CVSS6.6AI score0.00214EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2026/06/06 12:0 a.m.18 views

PT-2026-47160

Name of the Vulnerable Software and Affected Versions onedev versions prior to 15.0.6 Description Improper authorization occurs in the '/projects' file due to the manipulation of the project.forkedFromId argument. This issue allows a remote attacker to bypass authorization controls. Recommendatio...

6.5CVSS6.6AI score0.00214EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2026/06/06 12:0 a.m.13 views

PT-2026-47165

Name of the Vulnerable Software and Affected Versions Onedev versions prior to 15.0.6 Description Improper authorization exists in the Pull Request Handler component within the /issues/ file. Specifically, the canAccessIssue function fails to properly validate the issue argument, allowing a remot...

6.5CVSS6.6AI score0.00214EPSS
Exploits0References9
cnnvd
cnnvd
added 2026/06/06 12:0 a.m.12 views

OneDev 授权问题漏洞

OneDev is a JAVA-based multi-functional DevOps platform developed by Theonedev team. This platform supports container building, orchestration, CI, Git management, and team collaboration, helping developers create a simple yet powerful development platform. OneDev versions 15.0.5 and earlier have...

6.5CVSS6.5AI score0.00214EPSS
Exploits0References6
Rows per page
Query Builder