5660 matches found
Security Bulletin: Vulnerabilities in Spring Security, Handlebars, Apache MINA and Apache Tomcat might affect IBM Storage Defender Copy Data Management
Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring Security, Handlebars, Apache MINA and Apache Tomcat. Vulnerabilities include an authorization bypass, providing the power necessary to let users build semantic templates, allowing arbitrary code to be...
CVE-2026-11779 PayloadCMS 3.84.1 - Authenticated account lockout bypass through default unlock access
An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation...
EUVD-2026-39799
An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation...
CVE-2026-11779
An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation...
CVE-2026-11779
Technical details about CVE-2026-11779 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-57923
In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings...
CVE-2026-57923
In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings...
PT-2026-52703
Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description Improper authorization in the app configurations endpoint allows for the modification of project settings. Recommendations Update JetBrains YouTrack to version 2026.2.16593 or later...
FreeBSD : Gitlab -- Vulnerabilities (ee1e7aef-7117-11f1-873f-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ee1e7aef-7117-11f1-873f-2cf05da270f3 advisory. Gitlab reports: Cross-site Scripting issue in Analytics Dashboard impacts GitLab EE Cross-site...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization through the web archive download endpoint. An attacker can access resources beyond their authorized token scope by sending crafted requests to this endpoint. Remediation Upgrade...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization through the web archive download endpoint. An attacker can access resources beyond their authorized token scope by sending crafted requests to this endpoint. Remediation Upgrade...
Improper Authorization
Apache DolphinScheduler is vulnerable to Improper Authorization. The vulnerability is due to incorrect authorization checks when accessing workflow instance information, where users can retrieve workflow details from projects they are not authorized to access...
Improper Authorization
Apache DolphinScheduler is vulnerable to Improper Authorization. The vulnerability is due to a missing authorization check in the DataSource API, where requests are not properly validated before returning data source metadata, allowing unauthorized users to disclose sensitive data source...
Improper Authorization
Apache DolphinScheduler is vulnerable to Improper Authorization. The vulnerability is due to incorrect authorization checks when deleting task definitions, where users with valid system login privileges can delete task definitions in projects they are not authorized to manage...
Improper Authorization
Apache DolphinScheduler is vulnerable to Improper Authorization. The vulnerability is due to incorrect authorization checks in the experimental /v2 interface, where insufficient access control allows attackers to perform unauthorized actions or access protected resources...
CVE-2026-2238
CVE-2026-2238 affects GitLab CE/EE, impacting all versions from 17.5 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1. An unauthorized user could view confidential issue references on public projects due to improper authorization checks. The issue is mitigated in GitLab releases 18.11.6...
CVE-2026-12770
A flaw was found in BerriAI litellm. A remote attacker could exploit an improper authorization vulnerability within the Admin Key Handler component. This could allow the attacker to perform unauthorized actions, leading to limited impacts on data integrity and service availability...
Gitlab -- Vulnerabilities
Gitlab reports: Cross-site Scripting issue in Analytics Dashboard impacts GitLab EE Cross-site Scripting issue in Web IDE workbench asset handler impacts GitLab CE/EE Information Disclosure issue in Duo Workflows impacts GitLab EE Authorization Bypass issue in Virtual Registry Cleanup Policy API...
Security Bulletin: Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass
Summary An improper authorization vulnerability in Streamable MCP transport endpoint /api/v1/mcp/project/projectid/streamable allows unauthenticated attackers to bypass project ownership controls and execute Model Context Protocol MCP operations against OAuth-authenticated projects owned by other...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization via the session management endpoint. An attacker can access session credentials of other users, including those with higher privileges, by making authenticated requests with knowledge of a target user's identity...