21 matches found
CVE-2026-42098
Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior e.g. using a debugger and log in as any other user or administrator - then it is possible to do every...
CVE-2026-42098
Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior e.g. using a debugger and log in as any other user or administrator - then it is possible to do every...
CVE-2026-42098
Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior e.g. using a debugger and log in as any other user or administrator - then it is possible to do every...
CVE-2026-42098 Authorization Bypass in Sparx Enterprise Architect
Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior e.g. using a debugger and log in as any other user or administrator - then it is possible to do every...
PT-2026-41894
Name of the Vulnerable Software and Affected Versions Sparx Enterprise Architect versions 17.1 and earlier Description A security feature intended to limit user actions based on assigned roles can be bypassed. An authenticated attacker can modify the client behavior, for example by using a...
Oracle Linux 9 : osbuild-composer (ELSA-2026-9044)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-9044 advisory. 149-5.0.1 - Add missing dependency over dracut-config-rescue for image-installer ORABUG: 38587453 - Switch to UEKR8 repositories for OL9.6 Orabug: 37962207 - Ad...
osbuild-composer security update
149-4.0.1 - Add missing dependency over dracut-config-rescue for image-installer ORABUG: 38587453 - Switch to UEKR8 repositories for OL9.6 Orabug: 37962207 - Add support to create OpenScap images JIRA: OLDIS-35301 - Simplify repository names JIRA: OLDIS-35893 - Refactor patches to fix some naming...
CVE-2026-25763
OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an arbitrary file write vulnerability exists in OpenProject’s repository changes endpoint /projects/:projectid/repository/changes when rendering the “latest changes” view via git log. By...
CVE-2026-25763
OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an arbitrary file write vulnerability exists in OpenProject’s repository changes endpoint /projects/:projectid/repository/changes when rendering the “latest changes” view via git log. By...
CVE-2026-25763 Command Injection on OpenProject repositories leads to Remote Code Execution
OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an arbitrary file write vulnerability exists in OpenProject’s repository changes endpoint /projects/:projectid/repository/changes when rendering the “latest changes” view via git log. By...
EUVD-2026-5556
OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an arbitrary file write vulnerability exists in OpenProject’s repository changes endpoint /projects/:projectid/repository/changes when rendering the “latest changes” view via git log. By...
CVE-2026-25763
OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an arbitrary file write vulnerability exists in OpenProject’s repository changes endpoint /projects/:projectid/repository/changes when rendering the “latest changes” view via git log. By...
CVE-2026-25763 Command Injection on OpenProject repositories leads to Remote Code Execution
OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an arbitrary file write vulnerability exists in OpenProject’s repository changes endpoint /projects/:projectid/repository/changes when rendering the “latest changes” view via git log. By...
CVE-2026-25763
OpenProject suffers a command-injection like arbitrary file write in the repository changes endpoint (/projects/:project_id/repository/changes) when rendering the latest changes via git log. A crafted rev parameter (for example rev=--output=/tmp/poc.txt) is interpreted by Git as an option, causin...
CVE-2026-25763 Command Injection on OpenProject repositories leads to Remote Code Execution
OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an arbitrary file write vulnerability exists in OpenProject’s repository changes endpoint /projects/:projectid/repository/changes when rendering the “latest changes” view via git log. By...
PT-2026-6805
Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 16.6.7 OpenProject versions prior to 17.0.3 Description OpenProject is a web-based project management software. A flaw exists in the repository changes endpoint '/projects/:project id/repository/changes' when...
osbuild-composer security update
149-3.0.1 - Add missing dependency over dracut-config-rescue for image-installer ORABUG: 38587453 - Switch to UEKR8 repositories for OL9.6 Orabug: 37962207 - Add support to create OpenScap images JIRA: OLDIS-35301 - Simplify repository names JIRA: OLDIS-35893 - Refactor patches to fix some naming...
Oracle Linux 9 : osbuild-composer (ELSA-2026-1381)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-1381 advisory. 149-3.0.1 - Add missing dependency over dracut-config-rescue for image-installer ORABUG: 38587453 - Switch to UEKR8 repositories for OL9.6 Orabug: 37962207 - Ad...
OTCLient Injection Vulnerability
OTCLient is a replacement tibia client for otserv, written in C++20 and Lua, and is made on a modular system that uses lua scripting to implement in-game interfaces and features. OTCLient suffers from an injection vulnerability. An attacker could use this vulnerability to remotely run commands on...
PT-2024-18975
Name of the Vulnerable Software and Affected Versions OTCLient versions prior to commit db560de0b56476c87a2f967466407939196dd254 Description The issue concerns an expression injection vulnerability in the /mehah/otclient "Analysis - SonarCloud" workflow, allowing an attacker to run commands...