21 matches found
EUVD-2026-32152
Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and modifying configuration information...
SenseLive X3050 Access Control Error Vulnerability
The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has an access control vulnerability. This vulnerability stems from the remote management service, which allows unauthorized users to...
OpenClaw Security Vulnerability
OpenClaw is a command line tool for rights management. A security vulnerability exists in OpenClaw versions prior to 2026.3.11, which stems from the gateway proxy RPC interface failing to effectively restrict the spawnedBy and workspaceDir parameters when verifying permissions. The vulnerability...
CVE-2026-4202
The CVE-2026-4202 issue concerns the TYPO3 extension Redirect Tab (also reflected in Red Hat, Snyk, GHSA, OSV entries). The root cause is missing authorization verification in the redirects flow, allowing an authenticated user with limited privileges to access or edit redirects and potentially ex...
EUVD-2022-34545
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-2270
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions...
Mattermost Fails to Verify User's Permissions When Accessing Groups
Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to properly verify a user's permissions when accessing groups, which allows an attacker to view group information via an API request...
CVE-2024-47766 Permissions are incorrectly verified for project administrators in the cross tracker search widget
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, administrators of a project can access the content of trackers with permissions restrictio...
Code injection
Mattermost fails to properly verify the permissions needed for viewing archived public channels, allowing a member of one team to get details about the archived public channels of another team via the GET /api/v4/teams//channels/deleted endpoint...
Mattermost Incorrect Authorization vulnerability
Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots...
CVE-2023-2786 Channel commands execution doesn't properly verify permissions
Mattermost fails to properly check the permissions when executing commands allowing a member with no permissions to post a message in a channel to actually post it by executing channel commands...
CVE-2022-2270
An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect permissions verification...
UBUNTU-CVE-2022-2270
An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect permissions verification...
CVE-2022-2270
Removed by vendor...
CVE-2022-2270
An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect permissions verification...
CVE-2022-2270
GitLab CVE-2022-2270 affects GitLab installations where versions are 12.4 before 14.10.5, 15.0 before 15.0.4, or 15.1 before 15.1.1. The issue is that Conan package names were leaked due to incorrect permissions verification. The vulnerability is disclosed in the CVE record and related sources; n...
CVE-2022-20614
A missing permissions verification vulnerability was found in the Jenkins Mailer plugin. The form validation method does not perform a permission check which allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname...
Design/Logic Flaw
OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/ administrative actions...
Input validation
A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy tokens...
Moodle 2.3.x < 2.3.2 Multiple Vulnerabilities