Lucene search
K

28 matches found

NVD
NVD
added 2026/06/26 8:17 p.m.7 views

CVE-2026-52779

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, a cross-project IDOR / authorization context confusion in the Calendar and Team Planner modules allows a user with management permissions in one project to delete public Calendar or Team Planner Queries...

5.4CVSS0.00185EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 11:53 a.m.9 views

EUVD-2026-38738

Capgo before 12.128.2 contains a broken object level authorization BOLA vulnerability in the POST /build/start/:jobId and POST /build/cancel/:jobId endpoints. The handlers authorize the request based only on the attacker-controlled appid supplied in the request body and never verify that the jobI...

7.6CVSS6.1AI score0.00176EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.9 views

CVE-2026-40896

OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with manageagendas permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No knowledge of the target...

7.1CVSS5.6AI score0.00174EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

Im Park DijiDemi 安全漏洞

Im Park DijiDemi is an educational software developed by Im Park Company in Turkey. Versions of Im Park DijiDemi from 4.5.12.1 to 4.5.13.0 had security vulnerabilities. These vulnerabilities were caused by authorization bypasses due to user control keys, which could lead to permission abuse...

6.8CVSS5.8AI score0.00219EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.10 views

MeWare PDKS 安全漏洞

MeWare PDKS is a personnel management system for enterprise attendance and access control developed by the Turkish company MeWare. Versions of MeWare PDKS from V16.20200313 to VMYR3.5.2025117 contained security vulnerabilities. These vulnerabilities stemmed from bypassing authorization using user...

8.1CVSS5.8AI score0.00327EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/20 3:12 p.m.8 views

EUVD-2026-23870

OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with manageagendas permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No knowledge of the target...

6.5CVSS5.8AI score0.00174EPSS
Exploits1References2
Malwarebytes
Malwarebytes
added 2026/03/17 9:59 a.m.5 views

Google cracks down on Android apps abusing accessibility

Google just dropped a bombshell for app developers with the latest version of its Android mobile operating system. The company can now prevent apps from installing if they try to use the system's accessibility features. The new development, live in version 17.2 of Android, is all about security,...

5.9AI score
Exploits0
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.7 views

RustDesk 安全漏洞

RustDesk is a remote access and control software developed by RustDesk personal developers. It is primarily written in Rust and allows for remote maintenance of computers and other devices. Versions of RustDesk 1.7.5 and earlier, as well as 1.1.15 and earlier, have security vulnerabilities. These...

9.8CVSS5.8AI score0.00648EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.9 views

RustDesk 安全漏洞

RustDesk is a remote access and control software developed by RustDesk personal developers. It is primarily written in Rust and can be used to maintain computers and other devices remotely. Versions of RustDesk 1.4.5 and earlier contain security vulnerabilities, which stem from permission abuse...

9.8CVSS5.8AI score0.00376EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/09 12:31 p.m.8 views

CVE-2023-4658

An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the Allowed to merge permission as a guest user, when granted t...

3.1CVSS6.4AI score0.00385EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/04 12:0 a.m.8 views

PT-2025-49143

This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6.0's implementation of role-based access control RBAC through dual dependency on frontend menu systems and backend permission tables, without enforcing atomic synchronization between these components. The critical flaw manifests...

6.8AI score0.00249EPSS
Exploits1References3
OSV
OSV
added 2025/09/01 12:0 a.m.8 views

ASB-A-397216537

In getCallingAppName of Shared.java, there is a possible way to trick users into granting file access via deceptive text in a permission popup due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

7.8CVSS6.8AI score0.00088EPSS
Exploits0References2
NCSC
NCSC
added 2025/03/14 9:14 a.m.8 views

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in GitLab EE/CE versions from 11.5 to 17.9.2. The vulnerabilities include an issue where users with custom permissions can approve more membership requests than they are entitled to, which can lead to unauthorized access to restricted areas within the platform. In...

9.8CVSS9.8AI score0.63792EPSS
Exploits6References1
SUSE CVE
SUSE CVE
added 2025/03/07 2:38 a.m.2 views

SUSE CVE-2025-1939

Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability was fixed in Firefox 136...

3.9CVSS7.2AI score0.00175EPSS
Exploits0References4
OSV
OSV
added 2024/12/18 11:15 p.m.3 views

CVE-2024-41159

A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use...

7.1CVSS5.8AI score0.00818EPSS
Exploits1References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/09/12 3:23 a.m.3 views

Falsification and eavesdropping of contents across multiple websites via Web Rehosting services

Overview Researchers at NTT Secure Platform Laboratories and Waseda University have identified multiple security issues that lead to content being tampered with and eavesdropped on a service called Web Rehosting. These issues have been published in NDSS 2020. "Web Rehosting" is the name of a grou...

6.8AI score
Exploits0References2
OSV
OSV
added 2024/08/25 12:15 p.m.5 views

CVE-2024-8011

Logitech Options+ on MacOS prior 1.72 allows a local attacker to inject dynamic library within Options+ runtime and abuse permissions granted by the user to Options+ such as Camera...

5.5CVSS5.8AI score0.00126EPSS
Exploits0References1
OSV
OSV
added 2024/03/06 10:58 a.m.27 views

BIT-GITLAB-2023-4658 Incorrect Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the Allowed to merge permission as a guest user, when granted t...

3.1CVSS3.6AI score0.00385EPSS
Exploits0References3
NVD
NVD
added 2023/12/01 7:15 a.m.15 views

CVE-2023-4658

An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the Allowed to merge permission as a guest user, when granted t...

3.1CVSS0.00385EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2023/12/01 7:1 a.m.15 views

CVE-2023-4658

Removed by vendor...

3.1CVSS5.8AI score0.00385EPSS
Exploits0
Rows per page
Query Builder