18 matches found
CVE-2026-9251
Missing authorization in the entry status management feature in Devolutions Server allows a non-administrator authenticated user to bypass the administrator-enforced Pending Approval flow and gain access to an entry's data via a crafted status change request. This issue affects : Devolutions Serv...
PT-2026-47562
Impact Federation peer registration accepted peer key material during registration without a separate administrator approval step based on an out-of-band fingerprint check. Impacted deployments are nodes that accept federation peer registration across a network where initial registration could be...
CVE-2026-9251
Missing authorization in the entry status management feature in Devolutions Server allows a non-administrator authenticated user to bypass the administrator-enforced Pending Approval flow and gain access to an entry's data via a crafted status change request. This issue affects : Devolutions Serv...
EUVD-2026-31463
Missing authorization in the entry status management feature in Devolutions Server allows a non-administrator authenticated user to bypass the administrator-enforced Pending Approval flow and gain access to an entry's data via a crafted status change request. This issue affects : Devolutions Serv...
CVE-2026-9251
The CVE-2026-9251 issue affects Devolutions Server versions 2026.1.6.0–2026.1.16.0 and 2025.3.20.0 and earlier. The vulnerability arises from missing authorization in the entry status management feature, allowing a non-administrator authenticated user to bypass the administrator-enforced Pending ...
CVE-2026-9251
Missing authorization in the entry status management feature in Devolutions Server allows a non-administrator authenticated user to bypass the administrator-enforced Pending Approval flow and gain access to an entry's data via a crafted status change request. This issue affects : Devolutions Serv...
CVE-2026-9251
Missing authorization in the entry status management feature in Devolutions Server allows a non-administrator authenticated user to bypass the administrator-enforced Pending Approval flow and gain access to an entry's data via a crafted status change request. This issue affects : Devolutions Serv...
CVE-2025-66515
The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerabilit...
CVE-2025-66515
The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerabilit...
CVE-2025-66515 Nextcloud Approval app allows users to request approval for other users file
The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerabilit...
EUVD-2025-201457
The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerabilit...
CVE-2025-66515 Nextcloud Approval app allows users to request approval for other users file
The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerabilit...
CVE-2025-66515 Nextcloud Approval app allows users to request approval for other users file
The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerabilit...
CVE-2025-66515
The CVE describes an authorization flaw in the Nextcloud Approval app where an authenticated user listed as a workflow requester can place another user’s file into the “pending approval” state using the file’s numeric id, without having access to the file. This affects versions prior to 1.3.1 and...
Approval app allows users to request approval for other users file
None...
Nextcloud 授权问题漏洞
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from an authorization issue vulnerability that originates from a requestor being able to set another person's file to a pending approval...
Harvest: Project Manager can approve pending reports(Access control Issue)
Hi Team, Description : Project manager can't access the Pending approval section of Timesheet. So he should not be able to approve any reports of any user. But the approve report is working for project manager and he is able to approve reports of any user. Vulnerable HTTP request : POST...
Moodle Cross-Site Scripting Vulnerability
Moodle is an open source web-based teaching and learning application. A cross-site scripting vulnerability exists in the Moodle pending approval page, which allows remote attackers to construct malicious URIs and trick users into parsing them, which can be used to obtain sensitive cookies, hijack...