33 matches found

RedhatCVE
added 2026/06/05 7:10 p.m. · 8 views

CVE-2026-35595

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CanUpdate check at pkg/models/projectpermissions.go:139-148 only requires CanWrite on the new parent project when changing parentprojectid. However, Vikunja's permission model uses a recursive CTE that walks up th...

8.3 CVSS · 5.5 AI score · 0.00041 EPSS
Exploits: 1 · References: 1
CNNVD
added 2026/04/27 12:0 a.m. · 5 views

Cerberus FTP Server security vulnerability

Cerberus FTP Server is a Windows-based FTP server from the American company Cerberus. It supports FTP sessions encrypted using FTPS and SFTP. Versions of Cerberus FTP Server prior to 2026.1 contained security vulnerabilities. These vulnerabilities stemmed from insecure inheritance of permissions,...

8.8 CVSS · 5.8 AI score · 0.00043 EPSS
Exploits: 1 · References: 1
NVD
added 2026/04/10 5:17 p.m. · 1 views

CVE-2026-35595

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CanUpdate check at pkg/models/projectpermissions.go:139-148 only requires CanWrite on the new parent project when changing parentprojectid. However, Vikunja's permission model uses a recursive CTE that walks up th...

8.3 CVSS · 0.00041 EPSS
Exploits: 1 · References: 4
Positive Technologies
added 2026/04/10 12:0 a.m. · 2 views

PT-2026-31946

Name of the Vulnerable Software and Affected Versions: Vikunja versions prior to 2.3.0 Description: A permission escalation issue exists in Vikunja that allows a user with Write access to a project to escalate their permissions to Admin by moving the project under a project they own. This is due to...

8.3 CVSS · 5.7 AI score · 0.00041 EPSS
Exploits: 1 · References: 10
CNNVD
added 2026/04/10 12:0 a.m. · 3 views

Vikunja security vulnerability

Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.3.0 contained security vulnerabilities. These vulnerabilities stemmed from the permission checking logic when changing the parent project ID, which was inconsistent with the recursive...

8.3 CVSS · 5.8 AI score · 0.00041 EPSS
Exploits: 1 · References: 4
CNNVD
added 2026/03/27 12:0 a.m. · 4 views

Fleet authorization issue vulnerability

Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. Versions of Fleet prior to 4.81.0 contained a...

7.1 CVSS · 5.9 AI score · 0.00042 EPSS
Exploits: 0 · References: 2
CNNVD
added 2026/02/10 12:0 a.m. · 4 views

Intel Graphics Software security vulnerability

Intel Graphics Software is a graphics configuration management tool developed by Intel, a company in the United States. Versions of Intel Graphics Software prior to 25.30.1702.0 contained security vulnerabilities, which were caused by insecure permission inheritance, potentially leading to...

6.7 CVSS · 5.8 AI score · 0.00006 EPSS
Exploits: 0 · References: 1
Tenable Nessus
added 2026/01/07 12:0 a.m. · 3 views

Mattermost Desktop < 6.0.0 (macOS) (MMSA-2025-00504)

The version of Mattermost Desktop installed on the remote host is prior to 6.0.0. It is, therefore, affected by a vulnerability as referenced in the MMSA-2025-00504 advisory: - Mattermost Desktop App versions 6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged fo...

3.9 CVSS · 5.8 AI score · 0.00011 EPSS
Exploits: 0 · References: 2
NVD
added 2025/12/17 7:16 p.m. · 3 views

CVE-2025-13326

Mattermost Desktop App versions 6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for Mac App Store which allows an attacker to inherit TCC permissions via copying the binary to a tmp folder...

3.9 CVSS · 0.00011 EPSS
Exploits: 0 · References: 1
OSV
added 2025/11/14 9:45 p.m. · 4 views

GHSA-9X5G-62GJ-WQF2 Directus has Improper Permission Handling on Deleted Fields

Summary: Directus does not properly clean up field-level permissions when a field is deleted. If a new field with the same name is created later, the system automatically re-applies the old permissions, which can lead to unauthorized access. Details: When a field is removed from a collection, its...

4.6 CVSS · 6.6 AI score · 0.00044 EPSS
Exploits: 1 · References: 4
RedhatCVE
added 2025/11/14 8:59 p.m. · 11 views

CVE-2025-64746

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.13.0, Directus does not properly clean up field-level permissions when a field is deleted. When a field is removed from a collection, its reference in the permissions table remains intact. This...

5.4 CVSS · 7.3 AI score · 0.00044 EPSS
Exploits: 1 · References: 1
NVD
added 2025/11/13 9:15 p.m. · 4 views

CVE-2025-64746

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.13.0, Directus does not properly clean up field-level permissions when a field is deleted. When a field is removed from a collection, its reference in the permissions table remains intact. This...

5.4 CVSS · 0.00044 EPSS
Exploits: 1 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2021-30008

Malicious code in bioql PyPI...

8.8 CVSS · 8.8 AI score · 0.00159 EPSS
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-57871

Malicious code in bioql PyPI...

6.5 CVSS · 6.6 AI score · 0.00395 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 5:7 a.m. · 6 views

CVE-2023-5575

Improper access control in the permission inheritance in Devolutions Server 2022.3.13.0 and earlier allows an attacker that compromised a low privileged user to access entries via a specific combination of permissions in the entry and in its parent...

6.5 CVSS · 6.7 AI score · 0.00395 EPSS
Exploits: 0
BDU FSTEC
added 2024/01/30 12:0 a.m. · 2 views

The vulnerability of the Intel HID Event Filter driver in Intel NUC laptops’ microprogramming software allows a hacker to gain increased privileges.

The vulnerability of the Intel HID Event Filter driver in Intel NUC laptops is related to inherited permission errors. Exploiting this vulnerability can allow attackers to gain increased privileges...

6.7 CVSS · 7.2 AI score · 0.00037 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2024/01/26 12:0 a.m. · 3 views

PT-2024-1573 · Minio +2

Name of the Vulnerable Software and Affected Versions: MinIO versions prior to RELEASE.2024-01-31T20-20-33Z Description: The issue is related to the inheritance of permissions by access keys in MinIO, a high-performance object storage system. When an access key is created, it inherits the...

9 CVSS · 6.9 AI score · 0.27056 EPSS
Exploits: 4 · References: 27
Vulnrichment
added 2023/11/14 7:4 p.m. · 9 views

CVE-2023-34314

Insecure inherited permissions in some Intel(R) Simics Simulator software before version 1.7.2 may allow an authenticated user to potentially enable escalation of privilege via local access...

6.7 CVSS · 7.1 AI score · 0.00067 EPSS
Exploits: 0 · References: 1
OSV
added 2023/10/16 2:15 p.m. · 3 views

CVE-2023-5575

Improper access control in the permission inheritance in Devolutions Server 2022.3.13.0 and earlier allows an attacker that compromised a low privileged user to access entries via a specific combination of permissions in the entry and in its parent...

6.5 CVSS · 5.8 AI score · 0.00395 EPSS
Exploits: 0 · References: 1
Prion
added 2023/10/16 2:15 p.m. · 17 views

Improper access control

Improper access control in the permission inheritance in Devolutions Server 2022.3.13.0 and earlier allows an attacker that compromised a low privileged user to access entries via a specific combination of permissions in the entry and in its parent...

4 CVSS · 6.3 AI score · 0.00395 EPSS
Exploits: 0 · References: 1 · Affected Software: 1