63 matches found

OSV
added 3 days ago, 3 views

PYSEC-2026-482 PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation

Summary: The Platform server exposes resources under /api/v1/workspaces/workspaceid/... and protects them with a requireworkspacememberworkspaceid FastAPI dependency. The dependency only checks that the caller is a member of the workspaceid in the URL prefix. The route handlers then look up the...

CVSS 9.4, AI score 5.8, EPSS 0.00043
Exploits 0, References 5
OSV
added 2026/05/29 10:34 p.m., 6 views

GHSA-H8Q5-CP56-RR65 PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation

Summary: The Platform server exposes resources under /api/v1/workspaces/workspaceid/... and protects them with a requireworkspacememberworkspaceid FastAPI dependency. The dependency only checks that the caller is a member of the workspaceid in the URL prefix. The route handlers then look up the...

CVSS 9.4, AI score 5.8, EPSS 0.00043
Exploits 0, References 2
OSV
added 2026/05/29 10:32 p.m., 7 views

GHSA-GV23-XRM3-8C62 PraisonAI has Cross-Workspace IDOR and Privilege Escalation via Platform API

Summary: The PraisonAI Platform API has two authorization failures that together break workspace isolation. The service layer for issues and projects performs global primary-key lookups without checking workspace ownership, so any authenticated user can read, modify, and delete resources in any...

CVSS 8.8, AI score 5.8, EPSS 0.00044
Exploits 0, References 2
CNNVD
added 2026/05/07 12:00 a.m., 14 views

Admidio path traversal vulnerability

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was a path traversal vulnerability. This vulnerability stemmed...

CVSS 6.5, AI score 5.8, EPSS 0.00307
Exploits 0, References 1
NVD
added 2026/04/08 11:17 p.m., 6 views

CVE-2026-4916

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization...

CVSS 2.7, EPSS 0.00348
Exploits 0, References 3
Cvelist
added 2026/04/08 10:25 p.m., 18 views

CVE-2026-4916 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization...

CVSS 2.7, EPSS 0.00348
Exploits 0, References 3
CNNVD
added 2026/04/08 12:00 a.m., 7 views

GitLab security vulnerability

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD (Continuous Integration and Delivery). There is a security vulnerability in GitLab, which stems from improper...

CVSS 2.7, AI score 5.9, EPSS 0.00348
Exploits 0, References 3
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2004-1836

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.01239
Exploits 1, References 6
EUVD
added 2025/10/07 12:30 a.m., 8 views

EUVD-2010-4860

Malware in sbrugna...

CVSS 4.3, AI score 6.4, EPSS 0.01086
Exploits 0, References 6
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2004-1837

Malware in sbrugna...

CVSS 4.3, AI score 6.4, EPSS 0.01768
Exploits 1, References 6
EUVD
added 2025/10/03 8:07 p.m., 7 views

EUVD-2025-18758

Malicious code in bioql PyPI...

CVSS 4.3, AI score 6.3, EPSS 0.00205
Exploits 0, References 3
CNVD
added 2025/07/11 12:00 a.m., 4 views

Mattermost Permission Issues Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a privilege issue vulnerability that stems from not properly enforcing channel member management privileges, which can be exploited by an attacker to enable unauthorized users t...

CVSS 4.3, AI score 7, EPSS 0.00205
Exploits 0, References 1
CNVD
added 2025/07/04 12:00 a.m., 3 views

Mattermost Elevation of Privilege Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an elevation of privilege vulnerability that stems from insufficient validation of channel member management privileges, which can be exploited by an attacker to cause...

CVSS 5.4, AI score 7.1, EPSS 0.00177
Exploits 0, References 1
OSV
added 2025/06/30 6:31 p.m., 4 views

GHSA-V8FR-VXMW-6MF6 Mattermost Incorrect Authorization vulnerability

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin...

CVSS 5.4, AI score 7.1, EPSS 0.00177
Exploits 0, References 5
CNNVD
added 2025/06/30 12:00 a.m., 3 views

Mattermost security vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an elevation of privilege vulnerability that stems from insufficient validation of channel member management privileges, which can be exploited by an attacker to cause...

CVSS 5.4, AI score 7, EPSS 0.00177
Exploits 0, References 2
RedhatCVE
added 2025/06/23 8:40 a.m., 6 views

CVE-2025-3227

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions in playbook runs, allowing authenticated users without the 'Manage Channel Members' permission to add or remove users from public...

CVSS 4.3, AI score 6.9, EPSS 0.00205
Exploits 0, References 1
OSV
added 2025/06/20 3:30 p.m., 5 views

GHSA-QWWM-C582-82RX Mattermost allows unauthorized channel member management through playbook runs

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions in playbook runs, allowing authenticated users without the 'Manage Channel Members' permission to add or remove users from public...

CVSS 4.3, AI score 6.8, EPSS 0.00205
Exploits 0, References 3
NVD
added 2025/06/20 3:15 p.m., 5 views

CVE-2025-3227

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions in playbook runs, allowing authenticated users without the 'Manage Channel Members' permission to add or remove users from public...

CVSS 4.3, EPSS 0.00205
Exploits 0, References 1
OSV
added 2025/06/20 3:15 p.m., 7 views

CVE-2025-3227

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions in playbook runs, allowing authenticated users without the 'Manage Channel Members' permission to add or remove users from public...

CVSS 4.3, AI score 6
Exploits 0, References 1
Vulnrichment
added 2025/06/20 2:31 p.m., 5 views

CVE-2025-3227 Unauthorized channel member management through playbook runs

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions in playbook runs, allowing authenticated users without the 'Manage Channel Members' permission to add or remove users from public...

CVSS 4.3, AI score 4.5, EPSS 0.00205
Exploits 0, References 1