Lucene search
K

22 matches found

ATTACKERKB
ATTACKERKB
added 3 days ago3 views

CVE-2026-25712

Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations...

6AI score0.00159EPSS
Exploits0References5
CVE
CVE
added 3 days ago8 views

CVE-2026-25712

The CVE-2026-25712 issue affects Gitea prior to version 1.25.5, where organization permission APIs lack sufficient visibility checks for hidden members and private organizations. The root cause is insufficient visibility checks within the organization APIs, leading to exposure of private visibili...

6AI score0.00159EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago4 views

EUVD-2026-41622

Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations...

6AI score0.00159EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51403

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A denial of service issue exists in the 'POST /app/demo' endpoint. Authenticated users with organization write permissions can create an unlimited number of demo applications because the system lack...

5.3CVSS5.8AI score0.00272EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/17 6:8 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the POST /api/v1/repos/owner/repo/forks API endpoint, which fails to enforce the required organization repository creation permissions. An attacker can gain administrative control over a new repository within...

8.6CVSS5.9AI score0.00304EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.13 views

PT-2026-50583

Name of the Vulnerable Software and Affected Versions Gitea version 1.23 Description An authorization inconsistency exists between the web UI and the API regarding repository forking. The API endpoint POST /api/v1/repos/owner/repo/forks fails to verify the CanCreateOrgRepo permission, checking on...

8.1CVSS5.9AI score0.00304EPSS
Exploits0References8
CVE
CVE
added 2026/02/11 9:14 p.m.31 views

CVE-2026-26012

CVE-2026-26012 affects vaultwarden (unofficial Bitwarden server in Rust). Prior to 1.35.3, a regular organization member could retrieve all ciphers within an organization via the /ciphers/organization-details endpoint, which internally uses Cipher::find_by_org and returns ciphers with CipherSyncT...

6.5CVSS5.5AI score0.00331EPSS
Exploits2References2Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-36561

Malicious code in bioql PyPI...

7.1CVSS5.1AI score0.00382EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-44092

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.0043EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 6:1 a.m.5 views

CVE-2023-28623

Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: ZulipLDAPAuthBackend and an external authentication backend any aside of ZulipLDAPAuthBackend and EmailAuthBackend are the only ones enabled in AUTHENTICATIONBACKENDS in /etc/zulip/settings.py...

6.5CVSS7AI score0.00527EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:10 a.m.8 views

CVE-2023-32311

CloudExplorer Lite is an open source cloud management platform. In CloudExplorer Lite prior to version 1.1.0 users organization/workspace permissions are not properly checked. This allows users to add themselves to any organization. This vulnerability has been fixed in v1.1.0. Users are advised t...

7.1CVSS6.7AI score0.00382EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/12/12 12:0 a.m.5 views

forgejo -- multiple vulnerabilities

Problem Description: It was possible to use a token sent via email for secondary email validation to reset the password instead. In other words, a token sent for a given action registration, password reset or secondary email validation could be used to perform a different action. It is no longer...

7.6AI score
Exploits0References1
Grafana
Grafana
added 2023/10/12 12:0 a.m.10 views

Grafana org admins can modify permissions across all orgs

Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor...

7.2CVSS6.9AI score0.01074EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/08/25 8:4 p.m.17 views

CVE-2023-32678 Zulip vulnerable to insufficient authorization check for edition/deletion of messages and topics in private streams by former subscribers

Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that the...

6.5CVSS7AI score0.00398EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/08/25 8:4 p.m.34 views

CVE-2023-32678 Zulip vulnerable to insufficient authorization check for edition/deletion of messages and topics in private streams by former subscribers

Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that the...

6.5CVSS6.6AI score0.00398EPSS
Exploits0References2
NVD
NVD
added 2023/05/26 11:15 p.m.26 views

CVE-2023-32311

CloudExplorer Lite is an open source cloud management platform. In CloudExplorer Lite prior to version 1.1.0 users organization/workspace permissions are not properly checked. This allows users to add themselves to any organization. This vulnerability has been fixed in v1.1.0. Users are advised t...

7.1CVSS6.9AI score0.00382EPSS
Exploits0References1
Prion
Prion
added 2023/05/26 11:15 p.m.18 views

Design/Logic Flaw

CloudExplorer Lite is an open source cloud management platform. In CloudExplorer Lite prior to version 1.1.0 users organization/workspace permissions are not properly checked. This allows users to add themselves to any organization. This vulnerability has been fixed in v1.1.0. Users are advised t...

4CVSS4.7AI score0.00382EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/05/26 10:27 p.m.45 views

CVE-2023-32311

The CVE-2023-32311 issue affects CloudExplorer Lite prior to v1.1.0, where there is an insufficient check of organization/workspace permissions, allowing a user to add themselves to any organization. Multiple connected sources confirm this vulnerability, its fixed status in version 1.1.0, and the...

7.1CVSS5.2AI score0.00382EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/05/26 12:0 a.m.5 views

PT-2023-23721 · Unknown · Cloudexplorer Lite

Name of the Vulnerable Software and Affected Versions: CloudExplorer Lite versions prior to 1.1.0 Description: The issue concerns a cloud management platform where organization/workspace permissions are not properly checked, allowing users to add themselves to any organization. This has been fixe...

7.1CVSS6.7AI score0.00382EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/05/19 9:4 p.m.10 views

CVE-2023-28623 Unauthorized user can register an account in specific configurations in Zulip

Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: ZulipLDAPAuthBackend and an external authentication backend any aside of ZulipLDAPAuthBackend and EmailAuthBackend are the only ones enabled in AUTHENTICATIONBACKENDS in /etc/zulip/settings.py...

6.5CVSS6.6AI score0.00527EPSS
Exploits0References2
Rows per page
Query Builder