Lucene search
K

12 matches found

NVD
NVD
added 2026/07/02 8:17 p.m.5 views

CVE-2026-59097

Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary...

6.9CVSS0.00344EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/02 7:42 p.m.38 views

CVE-2026-59097 Taiga < 6.10.2 - Unauthorized Due-Date Creation via API Viewsets

Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary...

6.9CVSS0.00344EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:42 p.m.6 views

CVE-2026-59097

Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary...

6.9CVSS6AI score0.00344EPSS
Exploits0References6
Snyk
Snyk
added 2026/04/10 3:34 p.m.3 views

Inefficient Algorithmic Complexity

Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the addRepeatIntervalToTime function. An attacker can exhaust server resources and render the application unresponsive by creating tasks with extremely small repeat intervals and due dates far ...

7.1CVSS5.8AI score0.00347EPSS
Exploits1References2
CISA
CISA
added 2026/03/13 12:0 p.m.10 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-3909link is external Google Skia Out-of-Bounds Write Vulnerability CVE-2026-3910link is external Google Chromium V8 Unspecified Vulnerability These types o...

8.8CVSS5.8AI score0.02EPSS
In wildExploits1References7
CISA
CISA
added 2026/01/13 12:0 p.m.16 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-20805link is external Microsoft Windows Information Disclosure Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actor...

5.5CVSS6.6AI score0.05028EPSS
In wildExploits5References6
Positive Technologies
Positive Technologies
added 2025/12/26 12:0 a.m.6 views

PT-2025-53587

Name of the Vulnerable Software and Affected Versions IBM Aspera Faspex 5 versions 5.0.0 through 5.0.14.1 Description Authenticated users may be able to enumerate sensitive information regarding data due dates by enumerating package identifiers. The issue involves the potential disclosure of data...

4.3CVSS6AI score0.00219EPSS
Exploits0References5
OSV
OSV
added 2022/05/13 1:12 a.m.14 views

GHSA-CW72-69WQ-F9F2 Moodle External function mod_assign_save_submission does not check due dates

The savesubmission function in mod/assign/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service...

4.3CVSS5.8AI score0.01429EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2022/05/13 1:12 a.m.30 views

Moodle External function mod_assign_save_submission does not check due dates

The savesubmission function in mod/assign/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service...

4.3CVSS6.4AI score0.01429EPSS
Exploits0References11Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/04/08 12:0 a.m.14 views

Moodle < 2.7.13 / 2.8.x < 2.8.11 / 2.9.x < 2.9.5 / 3.0.x < 3.0.3 Multiple Vulnerabilities

Binary data 9194.prm...

8.8CVSS6AI score0.01931EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2016/04/05 12:0 a.m.22 views

FreeBSD : moodle -- multiple vulnerabilities (a430e15d-f93f-11e5-92ce-002590263bf5)

Marina Glancy reports : - MSA-16-0003: Incorrect capability check when displaying users emails in Participants list - MSA-16-0004: XSS from profile fields from external db - MSA-16-0005: Reflected XSS in moddata advanced search - MSA-16-0006: Hidden courses are shown to students in Event Monitor ...

8.8CVSS5.5AI score0.01931EPSS
Exploits0References12
FreeBSD
FreeBSD
added 2016/03/21 12:0 a.m.33 views

moodle -- multiple vulnerabilities

Marina Glancy reports: MSA-16-0003: Incorrect capability check when displaying users emails in Participants list MSA-16-0004: XSS from profile fields from external db MSA-16-0005: Reflected XSS in moddata advanced search MSA-16-0006: Hidden courses are shown to students in Event Monitor...

8.8CVSS1.7AI score0.01931EPSS
Exploits0References1
Rows per page
Query Builder