EUVD-2026-17608
Parser Server's streaming file download bypasses afterFind file trigger authorization...
CVE-2026-25568
WeKan versions prior to 8.19 contain an authorization logic vulnerability where the instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation time. When allowPrivateOnly is enabled, users can still create public boards due to incomplete server-side enforcement...
EUVD-2021-26299
Malware in sbrugna...
EUVD-2018-7620
Malware in sbrugna...
EUVD-2022-33874
Malicious code in bioql PyPI...
CVE-2024-3511 Incorrect Authorization in Multiple WSO2 Products Allows Unauthorized Access to Registry Versioned Files
An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious actor with access to the management console can exploit a specific bypass method to retrieve versione...
PT-2025-26582
Name of the Vulnerable Software and Affected Versions: WSO2 products (affected versions not specified). Description: An incorrect authorization issue exists, allowing unauthorized access to versioned files stored in the registry. This is due to flawed authorization logic, which can be exploited by a...
Incorrect Authorization
snipe/snipe-it is vulnerable to Improper Authorization. The vulnerability is due to insufficient access control caused by incorrect authorization logic, allowing unauthorized access to asset information...
Dell PowerScale OneFS Authorization Logic Error Vulnerability
PowerScale OneFS is a distributed storage operating system developed by Dell to provide unified file system management and high availability services for enterprise-class storage environments. Dell PowerScale OneFS suffers from an authorization logic error vulnerability that stems from not proper...
User Impersonation
Overview: django-tenant-users is a Django app to extend django-tenants to incorporate global multi-tenant users. Affected versions of this package are vulnerable to User Impersonation via a custom schema name in the provision_tenant function. An attacker can create a tenant with is_staff, is_superuser,...
Hikvision IP Camera Information Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unauthenticated information disclosure such as configuration, credentials and camera snapshots of a vulnerable Hikvision IP Camera', 'Description...
Authorization Bypass
github.com/openfga/openfga is vulnerable to Authorization Bypass. The vulnerability is due to improper handling of authorization logic with 'but not' and 'from' expressions and a userset, allowing an attacker to bypass authorization checks and gain unauthorized access to resources...
SUSE SLES15 / openSUSE 15 Security Update : grafana and mybatis (SUSE-SU-2024:1530-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1530-1 advisory. - A user changing their email after signing up and verifying it can change it without verification in profile settings. The...
GHSA-28G7-896H-695V Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication
Impact This vulnerability only affects customers using group based authentication in Rancher versions up to and including 2.4.17, 2.5.11 and 2.6.2. When removing a Project Role associated to a group from a project, the bindings that grant access to cluster scoped resources for those subjects do n...
CVE-2024-1313
A vulnerability was found in Grafana. Due to an error in authorization logic, it is possible for an unprivileged user in a different organization other than the snapshot owner to perform unauthorized actions such as deleting it using a view key. Mitigation: Mitigation for this issue is either not...
GHSA-MH7P-8M2F-QRM6 Duplicate Advisory: Grafana vulnerable to authorization bypass
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-67rv-qpw2-6qrr. This link is maintained to preserve external references. Original Description: It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete...
CVE-2024-1313
CVE-2024-1313 is confirmed with concrete details in connected docs: Grafana versions affected are 9.5.0–9.5.17, 10.0.0–10.0.12, 10.1.0–10.1.8, 10.2.0–10.2.5, and 10.3.0–10.3.4. The issue is an authorization bypass allowing a user from a different organization to delete a snapshot by sending DELET...
BIT-GITLAB-2021-39943
An authorization logic error in the External Status Check API in GitLab EE affecting all versions starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allowed a user to update the status of the check via an API call...