9 matches found
NextCloud Collectives Access Control Vulnerability
NextCloud Collectives is an open-source collaboration and knowledge management tool developed by NextCloud. In versions 2.6.0 to 4.3.0 of NextCloud Collectives, there was a security vulnerability related to access control. This vulnerability stemmed from a lack of permission checks, which could...
Nautobot Security Vulnerability
Nautobot is a web automation platform developed by the Nautobot team. Versions prior to Nautobot 2.4.33 and 3.1.2 contained security vulnerabilities. These vulnerabilities stemmed from a flaw in the REST API, which failed to enforce user viewing permissions when creating or updating objects using...
Talend Administration Center Security Vulnerability
Talend Administration Center is a web-based application developed by Talend Corporation in the United States. It allows for centralized management of workspaces. There is a security vulnerability in Talend Administration Center, which stems from ineffective access control. This vulnerability may...
CVE-2026-24907
CVE-2026-24907 affects October CMS: versions prior to 3.7.14 and 4.1.10 contain a stored XSS in the Event Log mail preview feature. HTML is rendered in an iframe without proper sandboxing when viewing logged mail messages, allowing JavaScript execution in the viewer’s browser context. The issue i...
Incorrect Use of Privileged APIs
Overview: Affected versions of this package are vulnerable to Incorrect Use of Privileged APIs via insufficient permission checks in the getlog function. An authenticated user without log-viewing permissions can still access task execution logs containing sensitive operational data, debugging...
Unauthorized Access
Mattermost is vulnerable to unauthorized access. The vulnerability is due to a lack of proper access restrictions in the Mattermost application, allowing members of a channel to view files that they should not have permission to access...
GitLab: Removed Guest role user who doesn't have access to private project in members able to view jobs
Vulnerability description not provided...
PT-2024-40086 · Packagist · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue concerns the reports CMS section, where it only checks the canView function when listing reports that can be viewed by the current user. However, it does not perform this chec...
XWiki Commons Security Vulnerability
XWiki Commons is a technology library shared by several other top XWiki projects. A security vulnerability exists in XWiki Commons, which stems from the fact that once a document has been deleted, the permissions added to the document are not taken into account for viewing it...