
15 matches found

CVE
added 2026/05/19 11:17 p.m. | 16 views

CVE-2026-34970

Summary: CVE-2026-34970 affects MantisBT, where versions 2.28.1 and earlier allow a bugnote author to view the Revisions page of a private issue after losing access to that issue. This undermines confidentiality by exposing private issue metadata on the Revisions page. Root cause (as described): ...

CVSS 5.3 | AI score 5.7 | EPSS 0.00372
Exploits: 0 | References: 3
Malwarebytes
added 2026/04/24 12:32 p.m. | 8 views

Medical data of 500,000 UK volunteers listed for sale on Alibaba

Half a million Britons signed up to help cure cancer. Their data ended up for sale on Alibaba. The UK Biobank charity informed the British government of an incident concerning the medical data belonging to 500,000 British citizens being offered for sale on the Chinese e-commerce website Alibaba...

AI score 5.5
Exploits: 0
RedhatCVE
added 2026/04/01 11:0 p.m. | 2 views

CVE-2026-32619

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, users who lost access to a topic (e.g., removed from a private category group) could still interact with polls in that topic...

CVSS 6.3 | AI score 5.8 | EPSS 0.0016
Exploits: 0 | References: 1
Github Security Blog
added 2026/01/23 12:31 a.m. | 8 views

Gitea improperly exposes issue titles and repository names through previously started stopwatches

Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches...

CVSS 6.5 | AI score 5.4 | EPSS 0.00333
Exploits: 0 | References: 7 | Affected Software: 1
RedhatCVE
added 2025/05/23 3:48 a.m. | 5 views

CVE-2023-32357

An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to retain access to system configuration files even after its permissio...

CVSS 7.1 | AI score 5.4 | EPSS 0.00248
Exploits: 0 | References: 1
Tenable Nessus
added 2022/07/08 12:0 a.m. | 19 views

Atlassian Jira < 8.19.1 Improper Authentication

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is 8.5.x prior to 8.19.1. It is, therefore, affected by a vulnerability allowing a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issu...

CVSS 7.5 | AI score 7.4 | EPSS 0.01173
Exploits: 0 | References: 3
Tenable Nessus
added 2022/07/07 12:0 a.m. | 22 views

Atlassian Jira 8.5.x < 8.19.1 (JRASERVER-72801)

The version of Atlassian Jira installed on the remote host is prior to 8.5.x 8.19.1. It is, therefore, affected by a vulnerability as referenced in the JRASERVER-72801 advisory. - Access-revoked user can enable/disable Issue Collectors on a Jira project - CVE-2021-41312 CVE-2021-41312 Note that...

CVSS 7.5 | AI score 7.4 | EPSS 0.01173
Exploits: 0 | References: 2
Prion
added 2021/12/08 4:15 a.m. | 22 views

Authentication flaw

Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user's Jira Service Management project via a Broken Authentication vulnerability in the /plugins/servlet/audit/resource endpoint. The...

CVSS 5 | AI score 5.2 | EPSS 0.00804
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2021/11/19 9:20 a.m. | 38 views

CVE-2021-36372 Original block tokens are persisted and can be retrieved

In Apache Ozone versions prior to 1.2.0, initially generated block tokens are persisted to the metadata database and can be retrieved by authenticated users with permission to the key. Authenticated users may use them even after access is revoked...

AI score 9.5 | EPSS 0.02445
Exploits: 0 | References: 2
Prion
added 2021/11/03 4:15 a.m. | 19 views

Authentication flaw

Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors...

CVSS 5 | AI score 7.5 | EPSS 0.01173
Exploits: 0 | References: 1 | Affected Software: 2
Cvelist
added 2021/11/03 3:50 a.m. | 39 views

CVE-2021-41312

Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors...

AI score 7.7 | EPSS 0.01173
Exploits: 0 | References: 1
Atlassian
added 2021/09/15 1:19 a.m. | 38 views

Access-revoked user can enable/disable Issue Collectors on a Jira project - CVE-2021-41312

Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors...

CVSS 7.5 | AI score 7.1 | EPSS 0.01173
Exploits: 0 | Affected Software: 1
Atlassian
added 2021/09/15 1:19 a.m. | 42 views

Access-revoked user can view audit logs of Jira Projects - CVE-2021-41309

Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user's Jira Service Management project via a Broken Authentication vulnerability in the /plugins/servlet/audit/resource endpoint. The...

CVSS 5.3 | AI score 5.8 | EPSS 0.00804
Exploits: 0 | Affected Software: 1
Atlassian
added 2021/09/15 1:19 a.m. | 54 views

Access-revoked user can add new users and groups to a Jira project - CVE-2021-41311

Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access revoked to modify projects' Users & Roles settings, via a Broken Authentication vulnerability in the /plugins/servlet/project-config/PROJECT/roles endpoint. T...

CVSS 7.5 | AI score 6.4 | EPSS 0.00836
Exploits: 0 | Affected Software: 1
OSV
added 2019/03/27 6:29 p.m. | 2 views

UBUNTU-CVE-2018-12546

In Eclipse Mosquitto version 1.0 to 1.5.5 inclusive when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients...

CVSS 6.5 | AI score 7.2 | EPSS 0.00817
Exploits: 1 | References: 4