63 matches found
PT-2026-40853
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 15.1 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2 Description An issue exists where an authenticated user with Guest permissions can view issues in projects they a...
EUVD-2026-11061
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...
CVE-2025-15395
IBM Jazz Foundation 7.0.3 through 7.0.3 iFix019 and 7.1.0 through 7.1.0 iFix005 is vulnerable to access control violations that allow users to view or access/perform actions beyond their expected capability...
PT-2025-51322
Name of the Vulnerable Software and Affected Versions Misskey versions 13.0.0-beta.16 through 2025.12.0 Description Misskey is a federated social media platform. Users without the necessary permissions to view favorites or clips could export posts and access their contents. Recommendations Update...
CVE-2025-13472
CVE-2025-13472 concerns the BlazeMeter Jenkins Plugin. The Red Hat and NVD entries, plus multiple security advisories, confirm that versions prior to 4.27 expose a list of sensitive resources (credential IDs, BlazeMeter workspaces, and project IDs) to users who should not have access. The underly...
CVE-2025-43024
A GUI dialog of an application allows viewing which files are present in the file system without proper authorization...
PT-2025-44062
Name of the Vulnerable Software and Affected Versions affected versions not specified Description A GUI dialog within an application permits unauthorized viewing of files present in the file system. This occurs due to a lack of appropriate authorization checks when displaying file system contents...
HubSpot security vulnerability
HubSpot is a customer relationship management platform in the United States. A security vulnerability exists in HubSpot version v1.29441, which stems from improper access control of REST API endpoints and could lead to unauthorized viewing of user data...
EUVD-2024-16622
Malicious code in bioql PyPI...
EUVD-2025-15733
Malicious code in bioql PyPI...
HCL BigFix Remote Control Server WebUI security vulnerability
HCL BigFix Remote Control Server WebUI is a web user interface for remote management and control from HCL India. A security vulnerability exists in HCL BigFix Remote Control Server WebUI version 10.1.0.0248 and prior versions, which stems from improper access restriction and could lead to...
CVE-2024-40480
A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view the administrator dashboard and delete valid user accounts via direct URL access...
CVE-2024-56350
In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects...
Navidrome allows an authentication bypass in Subsonic API with non-existent username
Summary In certain Subsonic API endpoints, authentication can be bypassed by using a non-existent username combined with an empty salted password hash. This allows read-only access to the server’s resources, though attempts at write operations fail with a “permission denied” error. Details A flaw...
CVE-2025-27112 Navidrome has authentication bypass in Subsonic API with non-existent username
Navidrome is an open source web-based music collection server and streamer. Starting in version 0.52.0 and prior to version 0.54.5, in certain Subsonic API endpoints, a flaw in the authentication check process allows an attacker to specify any arbitrary username that does not exist on the system,...
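The two Navidrome entries above describe the same flaw: a Subsonic API token check that accepts a username which does not exist together with an empty salted password hash. The following Go block is an added illustration written for this page, not Navidrome's code. It assumes a hypothetical check in which the user-lookup error is discarded, so an unknown user is indistinguishable from a user with an empty stored password, and an empty stored password is treated as "nothing to verify"; the in-memory user store, salt and password are constructed test data. The hardened variant beside it rejects unknown users and missing credentials before comparing the Subsonic token (md5(password + salt), hex-encoded) in constant time.

```go
package main

import (
	"crypto/md5"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// Constructed user store standing in for the server's database (assumption).
var users = map[string]string{"alice": "s3cret"}

var errAuth = errors.New("wrong username or password")

// subsonicToken implements the Subsonic token scheme: t = md5(password + salt), lowercase hex.
func subsonicToken(password, salt string) string {
	sum := md5.Sum([]byte(password + salt))
	return hex.EncodeToString(sum[:])
}

// lookupPassword returns the stored password or an error for an unknown user.
func lookupPassword(username string) (string, error) {
	p, ok := users[username]
	if !ok {
		return "", errors.New("user not found")
	}
	return p, nil
}

// AuthenticateWeak is the hypothetical flawed check (assumption, not Navidrome's code).
// The lookup error is thrown away, so an unknown user yields stored == "", and the
// empty-password branch returns success without ever inspecting the token.
func AuthenticateWeak(u, t, s string) (string, error) {
	stored, _ := lookupPassword(u)
	if stored == "" {
		return u, nil
	}
	if t != subsonicToken(stored, s) {
		return "", errAuth
	}
	return u, nil
}

// AuthenticateHardened fails closed: unknown user, empty stored password, or a missing
// token/salt is rejected before any comparison; the comparison itself is constant-time.
func AuthenticateHardened(u, t, s string) (string, error) {
	stored, err := lookupPassword(u)
	if err != nil || stored == "" {
		return "", errAuth
	}
	if t == "" || s == "" {
		return "", errAuth
	}
	expected := subsonicToken(stored, s)
	if subtle.ConstantTimeCompare([]byte(t), []byte(expected)) != 1 {
		return "", errAuth
	}
	return u, nil
}

func main() {
	// Unknown user, empty token and salt: the weak check accepts, the hardened one rejects.
	_, weakErr := AuthenticateWeak("nobody", "", "")
	_, hardErr := AuthenticateHardened("nobody", "", "")
	fmt.Println("weak accepts unknown user:", weakErr == nil)
	fmt.Println("hardened accepts unknown user:", hardErr == nil)

	// A legitimate client request for alice with a fresh salt still works.
	salt := "c19b2d"
	_, okErr := AuthenticateHardened("alice", subsonicToken("s3cret", salt), salt)
	fmt.Println("hardened accepts valid token:", okErr == nil)
}
```

The point worth carrying into a review of any token-style login is the first branch of the weak version: a lookup failure that is not propagated turns "user not found" into "user with no password", and every later check is then reasoning about the wrong record. The hardened version returns the same generic error for every failure so that the response does not reveal whether the username exists.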
CVE-2024-49589 Foundry artifacts denial of service
Foundry Artifacts was found to be vulnerable to a Denial of Service attack because the disk can be filled up based on a user-supplied argument size...
CVE-2022-36092
XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 14.2 and 13.10.4, all rights checks that would normally prevent a user from viewing a document on a wiki can be bypassed using the login action and directly specified templates. This exposes...
PT-2024-9850 · Jetbrains · Jetbrains Teamcity +1
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2024.12 Description: The issue is related to a lack of authorization in the JetBrains TeamCity system, which can be exploited by a remote attacker to impact the integrity of protected information. This...