Lucene search
+L

4 matches found

Cvelist
Cvelist
added 2026/07/10 1:57 p.m.30 views

CVE-2026-56765 Vikunja - Unauthenticated Instance-Wide Data Breach via Link Share Hash Disclosure Chained with Cross-Project Attachment IDOR

Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. The GetTaskAttachment endpoint performs permission checks against user-supplied task IDs but fetches...

9.8CVSS0.00351EPSS
Exploits0References2
OSV
OSV
added 2023/06/05 8:15 p.m.2 views

DEBIAN-CVE-2023-33968

Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to a missing access control vulnerability that allows a user with low privileges to create or transfer tasks to any project within the software, even if they have not...

5.4CVSS5.7AI score0.00382EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:17 a.m.7 views

SUSE CVE-2019-3683

The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete...

8.8CVSS8.7AI score0.00935EPSS
Exploits0References3
OSV
OSV
added 2020/01/17 11:15 a.m.5 views

CVE-2019-3683

The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete...

8.8CVSS5.9AI score0.00935EPSS
Exploits0References2
Rows per page
Query Builder