Lucene search
+L

1181 matches found

NVD
NVD
added 2 days ago7 views

CVE-2026-53444

Wekan is open source kanban built with Meteor. Prior to 9.32, Wekan OIDC-related Meteor methods in packages/wekan-oidc/oidcserver.js, server/models/org.js, and server/models/team.js are globally callable without the admin authorization checks used by their non-OIDC counterparts. Authenticated use...

7.6CVSS0.00238EPSS
Exploits0References3
CVE
CVE
added 2 days ago11 views

CVE-2026-53444

Wekan (open-source Kanban, Meteor-based) prior to v9.32 had missing authorization on OIDC-related Meteor methods (e.g., setCreateOrgFromOidc, setOrgAllFieldsFromOidc, setCreateTeamFromOidc, setTeamAllFieldsFromOidc, boardRoutineOnLogin, groupRoutineOnLogin) in packages/wekan-oidc/oidc_server.js a...

7.6CVSS6.1AI score0.00238EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2 days ago5 views

PT-2026-60320

Name of the Vulnerable Software and Affected Versions Wekan versions prior to 9.32 Description OIDC-related Meteor methods in packages/wekan-oidc/oidc server.js, server/models/org.js, and server/models/team.js are globally callable without the required admin authorization checks. Authenticated...

7.6CVSS6.2AI score0.00238EPSS
Exploits0References5
OSV
OSV
added 4 days ago5 views

MAL-2026-10232 Malicious code in salesforce-vscode-slds (npm)

The salesforce-vscode-slds package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a...

6.1AI score
Exploits0References3
The Hacker News
The Hacker News
added 2026/07/09 6:38 p.m.19 views

Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs

Datadog Security Labs is warning of "several overlapping campaigns" that are systematically enumerating corporate GitHub organizations, repositories, and user accounts through the GitHub API. "Operators rely on automated scraping tooling with custom or legitimate-sounding user agents, leveraging...

6AI score
Exploits0
OSV
OSV
added 2026/07/07 11:45 a.m.5 views

PYSEC-2026-2007 vantage6 collaboration admins can extend their influence by expanding the collaboration

Impact Collaboration administrators can add extra organizations to their collaboration. When doing that, they extend their influence: for instance, for organizations that they include, they can then create new users for which they know the passwords, and use that to read task results of other...

2.7CVSS6AI score0.00316EPSS
Exploits0References6
CVE
CVE
added 2026/07/07 5:28 a.m.13 views

CVE-2026-57870

CVE-2026-57870 describes a broken object-level access control flaw in MicroRealEstate’s Template API (up to version 1.0.0-alpha3). The underlying issue allows an attacker to retrieve document templates used by other organizations without authorization. Affected software is MicroRealEstate, with t...

5.3CVSS6AI score0.00215EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 12:0 a.m.3 views

Malicious code in enbd-react-lib (npm)

The enbd-react-lib package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization an 'enbd' interna...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 12:0 a.m.7 views

Malicious code in box-react-uix (npm)

The box-react-uix package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a 'box' internal...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 12:0 a.m.7 views

Malicious code in @flex-ng/header-component (npm)

The @flex-ng/header-component package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization the...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/07/06 12:0 a.m.4 views

MAL-2026-10237 Malicious code in tme-xca-react (npm)

The tme-xca-react package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a 'tme' internal...

6.1AI score
Exploits0References3
Snyk
Snyk
added 2026/07/03 10:19 p.m.8 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the organization permission APIs due to insufficient visibility checks for hidden members and private organizations. An attacker can access private visibility information by querying these APIs. Remediation...

7.5CVSS6AI score0.00353EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the label process. An attacker can obtain sensitive information by accessing labels associated with private organizations without proper authorization. Remediation Upgrade github.com/go-gitea/gitea/services/aut...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the label process. An attacker can obtain sensitive information by accessing labels associated with private organizations without proper authorization. Remediation Upgrade github.com/go-gitea/gitea/models/auth ...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.5 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the label process. An attacker can obtain sensitive information by accessing labels associated with private organizations without proper authorization. Remediation Upgrade...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 9:16 p.m.12 views

CVE-2026-25712

Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations...

7.5CVSS0.00353EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/03 8:19 p.m.7 views

EUVD-2026-41622

Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations...

6AI score0.00353EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.36 views

CVE-2026-25712 Gitea organization permission APIs expose private visibility information

Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations...

0.00353EPSS
Exploits0References4
CVE
CVE
added 2026/07/03 8:19 p.m.20 views

CVE-2026-25712

Gitea CVE-2026-25712 affects versions before 1.25.5. The issue is in the organization permission APIs (routers/api/v1/org) where visibility checks are insufficient, allowing an attacker to access private visibility information about hidden members and private organizations. The root cause is inad...

7.5CVSS6AI score0.00353EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.5 views

CVE-2026-25712

Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations...

6AI score0.00353EPSS
Exploits0References5
Rows per page
Query Builder