2 matches found
CVE-2026-15036 Harness gitspaces Endpoint list_all.go getAuthorizedSpaces authorization
A vulnerability was determined in Harness up to 2.28.2. This vulnerability affects the function getAuthorizedSpaces of the file app/api/controller/gitspace/listall.go of the component gitspaces Endpoint. Executing a manipulation can lead to authorization bypass. The attack can be executed remotel...
Open-Xchange: Path Traversal in dict-fs and no-check Escape Character in oauth2-jwt
0x01 Path Traversal in dict-fs module If we use fs to store dictionaries, when program get the value of key: static int fsdictlookupstruct dict dict, poolt pool, const char key, const char valuer, const char errorr struct fsdict dict = struct fsdict dict; struct fsfile file; struct istream input;...