Lucene search
K

4 matches found

Snyk
Snyk
added 2026/05/06 6:42 p.m.7 views

Protection Mechanism Failure

Overview Affected versions of this package are vulnerable to Protection Mechanism Failure via the config function. An attacker can access sensitive server-wide secrets, such as LDAP bind passwords and SAML private keys, by uploading a malicious template and causing it to be rendered by another...

5.9CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/06 6:28 p.m.12 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through the TimesheetVoter::voteOnAttribute process. An attacker can access, modify, or delete timesheet records belonging to users outside their team by sending crafted API requests with sufficient privileges...

7.1CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/04 8:43 p.m.2 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the cgetAction function in InvoiceController.php, which lacks proper customer-level access control. An attacker can access sensitive invoice data belonging to other teams by sending authenticated API requests...

7.1CVSS5.8AI score0.00399EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/18 11:48 p.m.4 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the export process. An attacker with export permissions can access sensitive information, including environment variables, user password hashes, serialized sessio...

8.2CVSS5.8AI score0.00389EPSS
Exploits1References2
Rows per page
Query Builder