Lucene search
+L

5 matches found

euvd
euvd
added 2026/05/11 6:31 p.m.12 views

EUVD-2026-29116

HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object-level authorization on the /candidate/ and /interview/ endpoints. The route handlers retrieve records by the user-supplied ID without verifying that the requesting user is the owner or has an authoriz...

8.1CVSS5.8AI score0.00231EPSS
Exploits1References4
cvelist
cvelist
added 2026/03/24 2:50 p.m.20 views

CVE-2026-33313 Vikunja has an IDOR in Task Comments Allows Reading Arbitrary Comments

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, an authenticated user can read any task comment by ID, regardless of whether they have access to the task the comment belongs to, by substituting the task ID in the API URL with a task they do have access to...

5.3CVSS0.00254EPSS
Exploits0References3
github
github
added 2026/03/20 5:25 p.m.7 views

Vikunja has an IDOR in Task Comments Allows Reading Arbitrary Comments

An authenticated user can read any task comment by ID, regardless of whether they have access to the task the comment belongs to, by substituting the task ID in the API URL with a task they do have access to. Details The GET /api/v1/tasks/taskID/comments/commentID endpoint performs an authorizati...

5.3CVSS5.8AI score0.00254EPSS
Exploits0References5Affected Software1
attackerkb
attackerkb
added 2026/02/16 9:47 a.m.3 views

CVE-2026-0999

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...

5.4CVSS5.5AI score0.00172EPSS
Exploits0References2Affected Software1
cve
cve
added 2025/09/09 10:31 p.m.21 views

CVE-2025-59044

CVE-2025-59044 affects Himmelblau 0.9.x, where group-to-GID mapping derives numeric GIDs from Entra ID group displayName when id_attr_map = name. This can cause distinct groups sharing a displayName to collapse to the same GID on Linux, enabling privilege escalation if access is controlled by num...

4.4CVSS6.3AI score0.00132EPSS
Exploits0References3
Rows per page
Query Builder