14 matches found

OSV · added 2026/03/24 7:30 p.m.

CVE-2026-33345 solidtime vulnerable to IDOR in private projects

solidtime is an open-source time-tracking app. Prior to version 0.11.6, the project detail endpoint GET /api/v1/organizations/org/projects/project allows any authenticated Employee to access any project in the organization by UUID, including private projects they are not a member of. The index...

CVSS 6.5 · AI score 5.8 · EPSS 0.00016
Exploits: 1 · References: 5
RedhatCVE · added 2026/01/26 8:52 p.m.

CVE-2026-20750

Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization. Mitigation: Mitigation for this issue is either not available or the currently available...

CVSS 9.1 · AI score 5.8 · EPSS 0.00021
Exploits: 0 · References: 8
Snyk · added 2026/01/23 12:31 a.m.

Authorization Bypass Through User-Controlled Key

Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via improper validation of project ownership during organization project operations. An attacker can modify projects belonging to a different organization by leveraging project write acce...

CVSS 9.1 · AI score 5.9 · EPSS 0.00021
Exploits: 0 · References: 2
Snyk · added 2026/01/23 12:31 a.m.

Authorization Bypass Through User-Controlled Key

Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via improper validation of project ownership during organization project operations. An attacker can modify projects belonging to a different organization by leveraging project write acce...

CVSS 9.1 · AI score 5.9 · EPSS 0.00021
Exploits: 0 · References: 2
EUVD · added 2026/01/23 12:31 a.m.

EUVD-2026-4266

Gitea does not properly validate project ownership in organization project operations...

CVSS 9.1 · AI score 5.4 · EPSS 0.00021
Exploits: 0 · References: 7
OSV · added 2026/01/22 10:16 p.m.

CVE-2026-20750

Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization...

CVSS 9.1 · AI score 5.5
Exploits: 0 · References: 5
NVD · added 2026/01/22 10:16 p.m.

CVE-2026-20750

Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization...

CVSS 9.1 · EPSS 0.00021
Exploits: 0 · References: 5
CVE · added 2026/01/22 10:1 p.m.

CVE-2026-20750

Gitea (code.gitea.io/gitea) has CVE-2026-20750: a cross-organization authorization bypass where a user with project write access in one organization can modify projects in another due to improper validation of project ownership in organization project operations. Reported across multiple feeds; C...

CVSS 9.1 · AI score 5.4 · EPSS 0.00021
Exploits: 0 · References: 5 · Affected Software: 1
Cvelist · added 2026/01/22 10:1 p.m.

CVE-2026-20750 Gitea Organization Projects Cross-Organization Authorization Bypass via Project ID (IDOR)

Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization...

EPSS 0.00021
Exploits: 0 · References: 5
Vulnrichment · added 2026/01/22 10:1 p.m.

CVE-2026-20750 Gitea Organization Projects Cross-Organization Authorization Bypass via Project ID (IDOR)

Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization...

AI score 5.4 · EPSS 0.00021
Exploits: 0 · References: 5
ATTACKERKB · added 2026/01/22 10:1 p.m.

CVE-2026-20750

Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization...

CVSS 9.1 · AI score 5.4 · EPSS 0.00021
Exploits: 0 · References: 6
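The solidtime entry (CVE-2026-33345) and the Gitea entries (CVE-2026-20750) above describe the same defect class: a handler that takes an organization from the route and a project ID from the client, then loads the project by ID alone, so nothing checks that the project actually belongs to that organization or that the caller is a member of a private project. The Go below is an added illustration of that pattern next to the scoped lookup that closes it; it is not code from Gitea or solidtime, and the types, role names and sample store are assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// Project is a constructed model of an organization-scoped project.
type Project struct {
	ID        int64
	OwnerID   int64          // organization that owns the project
	IsPrivate bool
	Members   map[int64]bool // user IDs allowed on a private project
}

// Actor is the authenticated caller. Roles maps organization ID to the
// caller's role in that organization: "member" or "writer" (assumed names).
type Actor struct {
	UserID int64
	Roles  map[int64]string
}

var (
	ErrNotFound  = errors.New("project not found")
	ErrForbidden = errors.New("forbidden")
)

// Constructed store: org 10 owns projects 1 (public) and 3 (private, member
// 100 only); org 20 owns project 2.
var projects = map[int64]*Project{
	1: {ID: 1, OwnerID: 10},
	2: {ID: 2, OwnerID: 20},
	3: {ID: 3, OwnerID: 10, IsPrivate: true, Members: map[int64]bool{100: true}},
}

// Vulnerable pattern: check the caller's role in the org named in the URL,
// then load the project by ID alone. Nothing ties the project to that org,
// so a writer in org 10 can reach project 2 (owned by org 20), and any org
// member can read private project 3 without being on it.
func loadProjectUnsafe(actor Actor, orgID, projectID int64, write bool) (*Project, error) {
	role, inOrg := actor.Roles[orgID]
	if !inOrg || (write && role != "writer") {
		return nil, ErrForbidden
	}
	p, ok := projects[projectID]
	if !ok {
		return nil, ErrNotFound
	}
	return p, nil
}

// Hardened pattern: same role check, then a lookup scoped to the org from the
// URL, then a membership check for private projects. A project outside the
// org is reported as not found rather than forbidden, so the response does
// not confirm that the guessed ID exists.
func loadProjectScoped(actor Actor, orgID, projectID int64, write bool) (*Project, error) {
	role, inOrg := actor.Roles[orgID]
	if !inOrg || (write && role != "writer") {
		return nil, ErrForbidden
	}
	p, ok := projects[projectID]
	if !ok || p.OwnerID != orgID {
		return nil, ErrNotFound
	}
	if p.IsPrivate && !p.Members[actor.UserID] {
		return nil, ErrNotFound
	}
	return p, nil
}

func main() {
	writer := Actor{UserID: 100, Roles: map[int64]string{10: "writer"}}
	employee := Actor{UserID: 200, Roles: map[int64]string{10: "member"}}

	// Cross-org write: the unscoped lookup hands out org 20's project.
	_, err := loadProjectUnsafe(writer, 10, 2, true)
	fmt.Println("unsafe cross-org write:", err)
	_, err = loadProjectScoped(writer, 10, 2, true)
	fmt.Println("scoped cross-org write:", err)

	// Private project read by an org member who is not on the project.
	_, err = loadProjectUnsafe(employee, 10, 3, false)
	fmt.Println("unsafe private read:", err)
	_, err = loadProjectScoped(employee, 10, 3, false)
	fmt.Println("scoped private read:", err)
}
```

The point of the scoped version is that the ownership check is part of the lookup query itself (`WHERE id = ? AND owner_id = ?` in a real store), not a separate comparison a later code path can forget; the membership check is what the solidtime case lacked, the ownership check what the Gitea case lacked.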
RedhatCVE · added 2026/01/09 10:54 a.m.

CVE-2022-23739

An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This vulnerability allowed an app installed on an organization to gain access to and modify most organization-level resources that a...

CVSS 9.8 · AI score 7.3 · EPSS 0.00672
Exploits: 0 · References: 1
NVD · added 2024/06/06 6:15 p.m.

CVE-2024-3504

An improper access control vulnerability exists in lunary-ai/lunary versions up to and including 1.2.2, where an admin can update any organization user to the organization owner. This vulnerability allows the elevated user to delete projects within the organization. The issue is resolved in versi...

CVSS 8.1 · EPSS 0.00137
Exploits: 1 · References: 2
Positive Technologies · added 2024/06/06 12:0 a.m.

PT-2024-26295 · Lunary Ai · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions up to and including 1.2.2. Description: An improper access control issue exists, allowing an admin to update any organization user to the organization owner. This enables the elevated user to delete projects within th...

CVSS 8.1 · AI score 8.2 · EPSS 0.00137
Exploits: 1 · References: 7