Lucene search
+L

6 matches found

CVE
CVE
added 2026/06/12 6:11 p.m.18 views

CVE-2026-47236

CVE-2026-47236 affects the Solidtime open‑source time-tracking app prior to version 0.12.2. The root cause is insufficient access control in the Jetstream-backed team page: invitations:view and members:view permissions gate the official APIs, but the Jetstream page authorizes access with only bel...

4.3CVSS5.3AI score0.00183EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/20 6:18 p.m.6 views

CVE-2026-23721

OpenProject is an open-source, web-based project management software. When using groups in OpenProject to manage users, the group members should only be visible to users that have the View Members permission in any project that the group is also a member of. Prior to versions 17.0.1 and 16.6.5, d...

4.3CVSS5.5AI score0.00176EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/19 5:52 p.m.6 views

CVE-2026-23721

OpenProject is an open-source, web-based project management software. When using groups in OpenProject to manage users, the group members should only be visible to users that have the View Members permission in any project that the group is also a member of. Prior to versions 17.0.1 and 16.6.5, d...

4.3CVSS5.4AI score0.00176EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/19 5:52 p.m.6 views

CVE-2026-23721 OpenProject users with "View Members" permission in any project can view all Group memberships

OpenProject is an open-source, web-based project management software. When using groups in OpenProject to manage users, the group members should only be visible to users that have the View Members permission in any project that the group is also a member of. Prior to versions 17.0.1 and 16.6.5, d...

4.3CVSS5.4AI score0.00176EPSS
Exploits0References1
OSV
OSV
added 2026/01/19 5:52 p.m.6 views

CVE-2026-23721 OpenProject users with "View Members" permission in any project can view all Group memberships

OpenProject is an open-source, web-based project management software. When using groups in OpenProject to manage users, the group members should only be visible to users that have the View Members permission in any project that the group is also a member of. Prior to versions 17.0.1 and 16.6.5, d...

4.3CVSS5.5AI score0.00176EPSS
Exploits0References3
OSV
OSV
added 2024/04/05 9:30 a.m.26 views

GHSA-W67V-PH4X-F48Q Mattermost Server Improper Access Control

Improper Access Control in Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the /api/v4/users/me/teams endpoint allowing a team admin to get the invite ID of their team, thus allowing them to invite users,...

5.1CVSS4.5AI score0.00331EPSS
Exploits0References8
Rows per page
Query Builder