8 matches found
PT-2026-38663
Name of the Vulnerable Software and Affected Versions solidtime version 0.12.0 Description An issue exists where the 'PUT /api/v1/organizations/organization/time-entries/timeEntry' API accepts a route-bound timeEntry from a different organization. This occurs when the caller possesses the...
ELADMIN 安全漏洞
ELADMIN is a backend management system developed by elunez’s individual developer. Versions of ELADMIN 2.7 and earlier contained security vulnerabilities. These vulnerabilities stemmed from a vulnerability allowing arbitrary user password resets, which could lead to password resets at any user...
BIT-SOLR-2026-22022 Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin
Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...
Missing Authorization
Overview org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene Affected versions of this package are vulnerable to Missing Authorization in the Rule Based Authorization Plugin, by which the getPermissionName function can be forced to return null. An attacke...
GHSA-QR3P-2XJ2-Q7HQ Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin
Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...
UBUNTU-CVE-2026-22022
Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...
CVE-2026-22022
Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...
6: JSM policy not respected by deployed applications
It was found that Java Security Manager permissions configured via a policy file were not properly applied, causing all deployed applications to be granted the java.security.AllPermission permission. In certain cases, an attacker could use this flaw to circumvent expected security measures to...