
5 matches found

Positive Technologies
added 2026/06/12 12:0 a.m. | 18 views

PT-2026-48954

Solidtime is an open-source time-tracking app. Prior to version 0.12.2, Solidtime defines explicit invitations:view and members:view permissions that gate the official invitations and members API. The Jetstream web team page authorizes access with only belongsToTeam and then loads and...

CVSS 4.3 | AI score 5.3 | EPSS 0.00183
Exploits: 0 | References: 3

ATTACKERKB
added 2026/01/19 5:52 p.m. | 5 views

CVE-2026-23721

OpenProject is an open-source, web-based project management software. When using groups in OpenProject to manage users, the group members should only be visible to users that have the View Members permission in any project that the group is also a member of. Prior to versions 17.0.1 and 16.6.5, d...

CVSS 4.3 | AI score 5.4 | EPSS 0.00176
Exploits: 0 | References: 2 | Affected Software: 1

RedhatCVE
added 2025/10/30 4:18 p.m. | 7 views

CVE-2025-12147

In Search Guard FLX versions 3.1.1 and earlier, Field-Level Security (FLS) rules are improperly enforced on object-valued fields. When an FLS exclusion rule e.g., field is applied to a field which contains an object as its value, the object is correctly removed from the source returned by search...

CVSS 6 | AI score 6.7 | EPSS 0.0025
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/29 3:29 p.m. | 4 views

CVE-2025-12147 Unauthorized access to fields protected by Field-Level Security (FLS) when those fields are members of an object

In Search Guard FLX versions 3.1.1 and earlier, Field-Level Security (FLS) rules are improperly enforced on object-valued fields. When an FLS exclusion rule e.g., field is applied to a field which contains an object as its value, the object is correctly removed from the source returned by search...

CVSS 6 | AI score 6.4 | EPSS 0.0025
Exploits: 0 | References: 2

OSV
added 2021/08/31 5:15 p.m. | 1 views

UBUNTU-CVE-2021-39164

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership (list of members, with their display names) of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history...

CVSS 3.1 | AI score 6.5 | EPSS 0.01457
Exploits: 0 | References: 6