PT-2026-36163
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...
CVE-2026-33700
Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the DELETE /api/v1/projects/:project/shares/:share endpoint does not verify that the link share belongs to the project specified in the URL. An attacker with admin access to any project can delete link shares...
CVE-2026-29789
Vito is a self-hosted web application that helps manage servers and deploy PHP applications into production servers. Prior to version 3.20.3, a missing authorization check in workflow site-creation actions allows an authenticated attacker with workflow write access in one project to create/manage...
CVE-2025-27550
IBM Jazz Reporting Service could allow an authenticated user on the host network to obtain sensitive information about other projects that reside on the server...
CVE-2025-27550
CVE-2025-27550 concerns IBM Jazz Reporting Service (LQE). The issue: an authenticated user on the host network could obtain sensitive information about other projects resident on the server, indicating an information-disclosure vulnerability. IBM bulletin details affected products/versions and fi...
PT-2026-5894
Name of the Vulnerable Software and Affected Versions: IBM Jazz Reporting Service, affected versions not specified. Description: An authenticated user on the host network may be able to obtain sensitive information about other projects residing on the server. Recommendations: At the moment, there is n...
CVE-2026-20750
Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization...
CVE-2026-22605
OpenProject is an open-source, web-based project management software. OpenProject versions prior to version 16.6.3 allowed users with the View Meetings permission on any project to access meeting details of meetings that belonged to projects the user does not have access to. This issue has bee...
CVE-2025-4962 IDOR Vulnerability in Template Creation via `projectId` Manipulation in lunary-ai/lunary
An Insecure Direct Object Reference (IDOR) vulnerability was identified in the POST /v1/templates endpoint of the Lunary API, affecting versions up to 0.8.8. This vulnerability allows authenticated users to create templates in another user's project by altering the projectId query parameter. The ro...
Harbor Authorization Issue Vulnerability
Harbor is an open source registry from Harbor Open Source. Artifacts are protected through policies and role-based access control to ensure that images are scanned and are not vulnerable, and that images are signed as trusted. Harbor suffers from an authorization issue vulnerability that stems fr...
SUSE CVE-2022-23452
An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service...
SUSE CVE-2022-31247
An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role template bindings or project role template bindings such as cluster-owner, manage cluster members, project-owner and manage project members to gain owner permission in another...
CVE-2022-31247
An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role template bindings or project role template bindings such as cluster-owner, manage cluster members, project-owner and manage project members to gain owner permission in another...
Jenkins REPO Plugin Information Disclosure Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application: an open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is application software. Jenkins REPO Plugin 1.14.0 and...
Jenkins Git Plugin Information Disclosure Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application: an open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. An information disclosure vulnerability...
GitLab EE Security Vulnerability
GitLab is a self-hosted Git version control and project repository application, developed in Ruby on Rails by the American company GitLab. The program can be used to access a project's file contents, commit history, bug list, and more. A security vulnerability exists in GitLab EE version 13.11...
PT-2021-13880 · Jbpm · Jbpm
Name of the Vulnerable Software and Affected Versions: jBPM version 7.51.0.Final Description: A flaw in the BPMN editor allows any authenticated user to see the names of Ruleflow Groups from other projects, despite not having access to those projects. This poses a threat to confidentiality...