Lucene search
+L

51 matches found

OSV
OSV
added 2026/06/26 6:59 p.m.3 views

CVE-2026-52782 OpenProject: IDOR through /projects/<A>/settings/project_storages/<A_ps_id> via PATCH parameter "storages_project_storage[project_folder_id]" leads to Access to Unauthorized Resources

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is an IDOR through /projects//settings/projectstorages/ via PATCH parameter "storagesprojectstorageprojectfolderid" leads to Access to Unauthorized Resources. A project-admin in one project can...

9.9CVSS5.9AI score0.00258EPSS
Exploits0References3
CVE
CVE
added 2026/06/26 6:59 p.m.25 views

CVE-2026-52782

OpenProject versions prior to 17.3.3 and 17.4.1 are affected by an IDOR in /projects//settings/project_storages/ via PATCH parameter storages_project_storage[project_folder_id], allowing a project-admin to hijack another project’s managed Nextcloud/OneDrive folder on the same storage. The vulnera...

9.9CVSS5.7AI score0.00258EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.11 views

CVE-2026-34390

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior have a Privilege Escalation vulnerability where insufficient access control checks in ProjectUsersAddCommand manageprojuseradd.php allow users having manageprojectthreshold access level manager by default to...

5.1CVSS5.4AI score0.00427EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.18 views

PT-2026-46138

Name of the Vulnerable Software and Affected Versions OpenStack Ironic versions prior to 35.0.2 Description An authenticated project admin or manager can read local files on the Ironic conductor by exploiting the pxe template variable. Recommendations Update to version 35.0.2 or later...

4.9CVSS5.4AI score0.00283EPSS
Exploits0References16
Vulnrichment
Vulnrichment
added 2026/05/19 9:54 p.m.8 views

CVE-2026-34390 MantisBT: Privilege Escalation from Manager to Administrator

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior have a Privilege Escalation vulnerability where insufficient access control checks in ProjectUsersAddCommand manageprojuseradd.php allow users having manageprojectthreshold access level manager by default to...

5.1CVSS5.8AI score0.00427EPSS
Exploits0References4
CVE
CVE
added 2026/05/19 9:54 p.m.19 views

CVE-2026-34390

MantisBT before 2.28.2 is affected by a Privilege Escalation in ProjectUsersAddCommand (manage_proj_user_add.php). A user with manage_project_threshold (default manager) can forge a higher access_level value and grant project-level administrator rights to any user within a project they manage, by...

5.1CVSS5.8AI score0.00427EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:54 p.m.9 views

CVE-2026-34390

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior have a Privilege Escalation vulnerability where insufficient access control checks in ProjectUsersAddCommand manageprojuseradd.php allow users having manageprojectthreshold access level manager by default to...

5.1CVSS5.8AI score0.00427EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/05/19 9:54 p.m.12 views

EUVD-2026-30994

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior have a Privilege Escalation vulnerability where insufficient access control checks in ProjectUsersAddCommand manageprojuseradd.php allow users having manageprojectthreshold access level manager by default to...

5.1CVSS5.8AI score0.00427EPSS
Exploits0References4
OSV
OSV
added 2026/05/19 9:54 p.m.2 views

CVE-2026-34390 MantisBT: Privilege Escalation from Manager to Administrator

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior have a Privilege Escalation vulnerability where insufficient access control checks in ProjectUsersAddCommand manageprojuseradd.php allow users having manageprojectthreshold access level manager by default to...

5.1CVSS5.9AI score0.00427EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/11 7:32 p.m.8 views

MantisBT Vulnerable to Privilege Escalation from Manager to Administrator

Insufficient access control checks in ProjectUsersAddCommand used in manageprojuseradd.php and REST API endpoint PUT /project/id/users allows users having manageprojectthreshold access level manager by default to grant project-level administrator access to any user including themselves in any...

5.1CVSS5.9AI score0.00427EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/05/08 9:59 p.m.4 views

CVE-2026-44987 SysReptor: Privilege Escalation from User Admin to Superuser

SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" functionality enabled non-default, they can res...

3.8CVSS5.9AI score0.00162EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/11/22 10:31 p.m.16 views

CVE-2025-0504

Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have be inaccessible...

5.4CVSS6.7AI score0.00146EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/22 12:31 a.m.5 views

EUVD-2025-198515

Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have be inaccessible...

5.4CVSS6.2AI score0.00146EPSS
Exploits0References2
NVD
NVD
added 2025/11/21 10:16 p.m.6 views

CVE-2025-0504

Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have be inaccessible...

5.4CVSS0.00146EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2015-7395

Malware in sbrugna...

4.8CVSS5.4AI score0.00646EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2020-6323

Malware in sbrugna...

4.8CVSS4.9AI score0.0194EPSS
Exploits3References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2016-6971

Malware in sbrugna...

4.8CVSS5.5AI score0.00599EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/05/27 1:10 a.m.4 views

SUSE CVE-2025-47284

Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the gardenlet component of Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0. It could allow a user with administrative privileges for a...

9.9CVSS6.6AI score0.00374EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 3:43 a.m.6 views

CVE-2023-30550

MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some...

6.8CVSS6.6AI score0.0067EPSS
Exploits1References1
OSV
OSV
added 2025/05/19 6:46 p.m.6 views

CVE-2025-47283 Bypassing project secret validation can lead to privilege escalation

Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 that could allow a user with administrative privileges for a Gardener project to obtain...

9.9CVSS8.9AI score0.00538EPSS
Exploits0References7
Rows per page
Query Builder