
16 matches found

CVE
added 2026/02/11 9:14 p.m. · 9 views

CVE-2026-26012

CVE-2026-26012 affects vaultwarden (unofficial Bitwarden server in Rust). Prior to 1.35.3, a regular organization member could retrieve all ciphers within an organization via the /ciphers/organization-details endpoint, which internally uses Cipher::find_by_org and returns ciphers with CipherSyncT...

CVSS 6.5 · AI score 5.5 · EPSS 0.00013
Exploits 2 · References 2 · Affected Software 1

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-36561

Malicious code in bioql PyPI...

CVSS 7.1 · AI score 5.1 · EPSS 0.00162
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-44092

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 4.8 · EPSS 0.00432
Exploits 0 · References 3

RedhatCVE
added 2025/05/23 6:1 a.m. · 3 views

CVE-2023-28623

Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: ZulipLDAPAuthBackend and an external authentication backend (any aside of ZulipLDAPAuthBackend and EmailAuthBackend) are the only ones enabled in AUTHENTICATION_BACKENDS in /etc/zulip/settings.py...

CVSS 6.5 · AI score 7 · EPSS 0.00169
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 5:10 a.m. · 4 views

CVE-2023-32311

CloudExplorer Lite is an open source cloud management platform. In CloudExplorer Lite prior to version 1.1.0 users organization/workspace permissions are not properly checked. This allows users to add themselves to any organization. This vulnerability has been fixed in v1.1.0. Users are advised t...

CVSS 7.1 · AI score 6.7 · EPSS 0.00162
Exploits 0 · References 1

FreeBSD
added 2024/12/12 12:0 a.m. · 4 views

forgejo -- multiple vulnerabilities

Problem Description: It was possible to use a token sent via email for secondary email validation to reset the password instead. In other words, a token sent for a given action (registration, password reset or secondary email validation) could be used to perform a different action. It is no longer...

AI score 7.6
Exploits 0 · References 1

Grafana
added 2023/10/12 12:0 a.m. · 3 views

Grafana org admins can modify permissions across all orgs

Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor...

CVSS 7.2 · AI score 6.9 · EPSS 0.00282
Exploits 0

Cvelist
added 2023/08/25 8:4 p.m. · 14 views

CVE-2023-32678 Zulip vulnerable to insufficient authorization check for edition/deletion of messages and topics in private streams by former subscribers

Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that the...

CVSS 6.5 · AI score 6.6 · EPSS 0.00038
Exploits 0 · References 2

Vulnrichment
added 2023/08/25 8:4 p.m. · 14 views

CVE-2023-32678 Zulip vulnerable to insufficient authorization check for edition/deletion of messages and topics in private streams by former subscribers

Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that the...

CVSS 6.5 · AI score 7 · EPSS 0.00038
Exploits 0 · References 2

NVD
added 2023/05/26 11:15 p.m. · 6 views

CVE-2023-32311

CloudExplorer Lite is an open source cloud management platform. In CloudExplorer Lite prior to version 1.1.0 users organization/workspace permissions are not properly checked. This allows users to add themselves to any organization. This vulnerability has been fixed in v1.1.0. Users are advised t...

CVSS 7.1 · AI score 6.9 · EPSS 0.00162
Exploits 0 · References 1

Prion
added 2023/05/26 11:15 p.m. · 14 views

Design/Logic Flaw

CloudExplorer Lite is an open source cloud management platform. In CloudExplorer Lite prior to version 1.1.0 users organization/workspace permissions are not properly checked. This allows users to add themselves to any organization. This vulnerability has been fixed in v1.1.0. Users are advised t...

CVSS 4 · AI score 4.7 · EPSS 0.00162
Exploits 0 · References 1 · Affected Software 1

CVE
added 2023/05/26 10:27 p.m. · 42 views

CVE-2023-32311

The CVE-2023-32311 issue affects CloudExplorer Lite prior to v1.1.0, where there is an insufficient check of organization/workspace permissions, allowing a user to add themselves to any organization. Multiple connected sources confirm this vulnerability, its fixed status in version 1.1.0, and the...

CVSS 7.1 · AI score 5.2 · EPSS 0.00162
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2023/05/26 12:0 a.m. · 2 views

PT-2023-23721 · Unknown · Cloudexplorer Lite

Name of the Vulnerable Software and Affected Versions: CloudExplorer Lite versions prior to 1.1.0 Description: The issue concerns a cloud management platform where organization/workspace permissions are not properly checked, allowing users to add themselves to any organization. This has been fixe...

CVSS 7.1 · AI score 6.7 · EPSS 0.00162
Exploits 0 · References 5

OSV
added 2023/05/19 9:4 p.m. · 19 views

CVE-2023-28623 Unauthorized user can register an account in specific configurations in Zulip

Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: ZulipLDAPAuthBackend and an external authentication backend (any aside of ZulipLDAPAuthBackend and EmailAuthBackend) are the only ones enabled in AUTHENTICATION_BACKENDS in /etc/zulip/settings.py...

CVSS 6.5 · AI score 5.1 · EPSS 0.00169
Exploits 0 · References 4

Cvelist
added 2023/05/19 9:4 p.m. · 18 views

CVE-2023-28623 Unauthorized user can register an account in specific configurations in Zulip

Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: ZulipLDAPAuthBackend and an external authentication backend (any aside of ZulipLDAPAuthBackend and EmailAuthBackend) are the only ones enabled in AUTHENTICATION_BACKENDS in /etc/zulip/settings.py...

CVSS 6.5 · AI score 6.7 · EPSS 0.00169
Exploits 0 · References 2

Vulnrichment
added 2023/05/19 9:4 p.m. · 9 views

CVE-2023-28623 Unauthorized user can register an account in specific configurations in Zulip

Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: ZulipLDAPAuthBackend and an external authentication backend (any aside of ZulipLDAPAuthBackend and EmailAuthBackend) are the only ones enabled in AUTHENTICATION_BACKENDS in /etc/zulip/settings.py...

CVSS 6.5 · AI score 6.6 · EPSS 0.00169
Exploits 0 · References 2