32 matches found

GithubExploit
added 2026/06/11 2:21 p.m. | 59 views

OSCP-PEN200

🛡️ OSCP / PEN-200 Master Pentesting Database. License: MIT...

AI score: 5.5
Exploits: 0
Cvelist
added 2026/02/07 9:57 p.m. | 26 views

CVE-2026-25564 WeKan < 8.19 Checklist Deletion IDOR via Missing Relationship Validation

WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board ID tampering by manipulating identifiers...

CVSS: 7.1 | EPSS: 0.0028
Exploits: 0 | References: 3
Positive Technologies
added 2026/02/07 12:00 a.m. | 4 views

PT-2026-6927

Name of the Vulnerable Software and Affected Versions: WeKan versions prior to 8.19. Description: The software contains an insecure direct object reference (IDOR) in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied...

CVSS: 7.1 | AI score: 5.4 | EPSS: 0.0028
Exploits: 0 | References: 6
RedhatCVE
added 2025/10/23 6:14 p.m. | 4 views

CVE-2025-22171

Jira Align is vulnerable to an authorization issue. A low-privilege user is able to alter the private checklists of other users...

CVSS: 5.3 | AI score: 6.9 | EPSS: 0.00177
Exploits: 0 | References: 1
EUVD
added 2025/10/22 6:30 p.m. | 5 views

EUVD-2025-35605

Jira Align is vulnerable to an authorization issue. A low-privilege user is able to alter the private checklists of other users...

CVSS: 5.3 | AI score: 6.4 | EPSS: 0.00177
Exploits: 0 | References: 2
NVD
added 2025/10/22 5:15 p.m. | 3 views

CVE-2025-22171

Jira Align is vulnerable to an authorization issue. A low-privilege user is able to alter the private checklists of other users...

CVSS: 5.3 | EPSS: 0.00177
Exploits: 0 | References: 1
NVD
added 2025/10/22 5:15 p.m. | 7 views

CVE-2025-22175

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to modify the steps of another user's private checklist...

CVSS: 5.4 | EPSS: 0.0016
Exploits: 0 | References: 1
OSV
added 2025/10/22 5:15 p.m. | 2 views

CVE-2025-22171

Jira Align is vulnerable to an authorization issue. A low-privilege user is able to alter the private checklists of other users...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00177
Exploits: 0 | References: 1
Cvelist
added 2025/10/22 4:30 p.m. | 7 views

CVE-2025-22171

Jira Align is vulnerable to an authorization issue. A low-privilege user is able to alter the private checklists of other users...

CVSS: 5.3 | EPSS: 0.00177
Exploits: 0 | References: 1
Vulnrichment
added 2025/10/22 4:30 p.m. | 2 views

CVE-2025-22171

Jira Align is vulnerable to an authorization issue. A low-privilege user is able to alter the private checklists of other users...

CVSS: 5.3 | AI score: 6.5 | EPSS: 0.00177
Exploits: 0 | References: 1
CVE
added 2025/10/22 4:30 p.m. | 9 views

CVE-2025-22171

Jira Align is affected by an authorization issue (CVE-2025-22171). A low-privilege user can alter private checklists belonging to other users. Documented in multiple sources (NVD, Red Hat, EUVD, CVE lists) with no explicit exploitation details and no publicly disclosed fix/version in the provided...

CVSS: 5.3 | AI score: 6.5 | EPSS: 0.00177
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2025/10/22 4:30 p.m. | 8 views

CVE-2025-22175

Jira Align exposes an authorization issue where a low-privilege user can access endpoints that disclose a small amount of sensitive information. In a concrete example, a low-level user was able to modify the steps of another user’s private checklist. The CVE-2025-22175 entry is consistently descr...

CVSS: 5.4 | AI score: 6.3 | EPSS: 0.0016
Exploits: 0 | References: 1 | Affected Software: 1
Gitee
added 2025/08/17 12:40 a.m. | 102 views

IntruderPayloads

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists...

AI score: 7.1
Exploits: 0
OSV
added 2025/03/20 10:15 a.m. | 8 views

CVE-2024-9000

In lunary-ai/lunary before version 1.4.26, the checklists.post endpoint allows users to create or modify checklists without validating whether the user has proper permissions. This missing access control permits unauthorized users to create checklists, bypassing intended permission checks...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.0051
Exploits: 1 | References: 2
CVE
added 2025/03/20 10:09 a.m. | 53 views

CVE-2024-9096

CVE-2024-9096 affects lunary-ai/lunary 1.4.28. The vulnerable surface is the /checklists/:id PATCH endpoint, which lacks access control, allowing any user associated with a project (not restricted by role) to modify checklist data (e.g., slug or fields). The root cause is insufficient authorizati...

CVSS: 7.6 | AI score: 7.4 | EPSS: 0.0048
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2025/03/20 10:09 a.m. | 12 views

CVE-2024-9000 Improper Authorization and Duplicate Slug Vulnerability in lunary-ai/lunary

In lunary-ai/lunary before version 1.4.26, the checklists.post endpoint allows users to create or modify checklists without validating whether the user has proper permissions. This missing access control permits unauthorized users to create checklists, bypassing intended permission checks...

CVSS: 7.1 | EPSS: 0.0051
Exploits: 1 | References: 2
CNNVD
added 2025/03/20 12:00 a.m. | 2 views

Lunary Authorization Issue Vulnerability

Lunary is an open-source production toolkit for LLMs. An authorization issue vulnerability exists in Lunary that stems from the checklists.post endpoint not properly validating privileges; an attacker can exploit it to cause unauthorized creation or modification of checklists...

CVSS: 7.1 | AI score: 6.8 | EPSS: 0.0051
Exploits: 1 | References: 2
CNNVD
added 2025/03/20 12:00 a.m. | 3 views

Lunary Security Vulnerability

Lunary is an open-source production toolkit for LLMs. A denial of service vulnerability exists in Lunary that stems from the use of insecure regular expressions in the /v1/checklists endpoint. An attacker can exploit this vulnerability to cause a denial of service...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00753
Exploits: 1 | References: 2
CNNVD
added 2025/03/20 12:00 a.m. | 2 views

Lunary Authorization Issue Vulnerability

Lunary is an open-source production toolkit for LLMs. An authorization issue vulnerability exists in Lunary that stems from the /checklists/:id route not being properly access controlled, which can be exploited by an attacker to cause a low-privileged user to modify the checklist...

CVSS: 7.6 | AI score: 7.4 | EPSS: 0.0048
Exploits: 1 | References: 2
The Hacker News
added 2025/03/11 11:25 a.m. | 18 views

Your Risk Scores Are Lying: Adversarial Exposure Validation Exposes Real Threats

In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security, believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The reality is a bit of a different story. In the real world...

AI score: 7.6
Exploits: 0