22 matches found
CVE-2026-25712
Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations...
CVE-2026-25712
The CVE-2026-25712 issue affects Gitea prior to version 1.25.5, where organization permission APIs lack sufficient visibility checks for hidden members and private organizations. The root cause is insufficient visibility checks within the organization APIs, leading to exposure of private visibili...
EUVD-2026-41622
Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations...
PT-2026-51403
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A denial of service issue exists in the 'POST /app/demo' endpoint. Authenticated users with organization write permissions can create an unlimited number of demo applications because the system lack...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the POST /api/v1/repos/owner/repo/forks API endpoint, which fails to enforce the required organization repository creation permissions. An attacker can gain administrative control over a new repository within...
PT-2026-50583
Name of the Vulnerable Software and Affected Versions Gitea version 1.23 Description An authorization inconsistency exists between the web UI and the API regarding repository forking. The API endpoint POST /api/v1/repos/owner/repo/forks fails to verify the CanCreateOrgRepo permission, checking on...
CVE-2026-26012
CVE-2026-26012 affects vaultwarden (unofficial Bitwarden server in Rust). Prior to 1.35.3, a regular organization member could retrieve all ciphers within an organization via the /ciphers/organization-details endpoint, which internally uses Cipher::find_by_org and returns ciphers with CipherSyncT...
EUVD-2023-36561
Malicious code in bioql PyPI...
EUVD-2023-44092
Malicious code in bioql PyPI...
CVE-2023-28623
Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: ZulipLDAPAuthBackend and an external authentication backend any aside of ZulipLDAPAuthBackend and EmailAuthBackend are the only ones enabled in AUTHENTICATIONBACKENDS in /etc/zulip/settings.py...
CVE-2023-32311
CloudExplorer Lite is an open source cloud management platform. In CloudExplorer Lite prior to version 1.1.0 users organization/workspace permissions are not properly checked. This allows users to add themselves to any organization. This vulnerability has been fixed in v1.1.0. Users are advised t...
forgejo -- multiple vulnerabilities
Problem Description: It was possible to use a token sent via email for secondary email validation to reset the password instead. In other words, a token sent for a given action registration, password reset or secondary email validation could be used to perform a different action. It is no longer...
Grafana org admins can modify permissions across all orgs
Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor...
CVE-2023-32678 Zulip vulnerable to insufficient authorization check for edition/deletion of messages and topics in private streams by former subscribers
Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that the...
CVE-2023-32678 Zulip vulnerable to insufficient authorization check for edition/deletion of messages and topics in private streams by former subscribers
Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that the...
CVE-2023-32311
CloudExplorer Lite is an open source cloud management platform. In CloudExplorer Lite prior to version 1.1.0 users organization/workspace permissions are not properly checked. This allows users to add themselves to any organization. This vulnerability has been fixed in v1.1.0. Users are advised t...
Design/Logic Flaw
CloudExplorer Lite is an open source cloud management platform. In CloudExplorer Lite prior to version 1.1.0 users organization/workspace permissions are not properly checked. This allows users to add themselves to any organization. This vulnerability has been fixed in v1.1.0. Users are advised t...
CVE-2023-32311
The CVE-2023-32311 issue affects CloudExplorer Lite prior to v1.1.0, where there is an insufficient check of organization/workspace permissions, allowing a user to add themselves to any organization. Multiple connected sources confirm this vulnerability, its fixed status in version 1.1.0, and the...
PT-2023-23721 · Unknown · Cloudexplorer Lite
Name of the Vulnerable Software and Affected Versions: CloudExplorer Lite versions prior to 1.1.0 Description: The issue concerns a cloud management platform where organization/workspace permissions are not properly checked, allowing users to add themselves to any organization. This has been fixe...
CVE-2023-28623 Unauthorized user can register an account in specific configurations in Zulip
Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: ZulipLDAPAuthBackend and an external authentication backend any aside of ZulipLDAPAuthBackend and EmailAuthBackend are the only ones enabled in AUTHENTICATIONBACKENDS in /etc/zulip/settings.py...