
6 matches found

Positive Technologies
added yesterday · 4 views

PT-2026-46999

Summary: A user in one workspace could exercise another workspace's integration through the testConnection endpoint by supplying its ID, because the integration was fetched in a bypass scope and the caller's permission check matched any base in any workspace. Details: The connection-test endpoint...

6.9 CVSS · 5.5 AI score
Exploits: 0 · References: 4
RedHat Linux
added 2024/12/16 6:56 p.m. · 3 views

automation-gateway: aap-gateway: Improper Scope Handling in OAuth2 Tokens for AAP 2.5

A vulnerability was found in the Ansible Automation Platform (AAP). This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansiblebase.oauth2provider for OAuth2 authentication. While th...

5 CVSS · 5.8 AI score · 0.0008 EPSS
Exploits: 0 · References: 5
CNNVD
added 2024/04/18 12:0 a.m. · 2 views

Tolgee security vulnerability

Tolgee is an open source multilingual translation and localization platform designed to help development teams easily manage and maintain multilingual software applications and websites. A security vulnerability exists in Tolgee versions prior to v3.57.2, which stems from a failure to properly...

4.3 CVSS · 6.6 AI score · 0.00167 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2024/02/13 12:0 a.m. · 2 views

PT-2024-20761 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 8.7.57 ELTS; TYPO3 versions prior to 9.5.46 ELTS; TYPO3 versions prior to 10.4.43 ELTS; TYPO3 versions prior to 11.5.35 LTS; TYPO3 versions prior to 12.4.11 LTS; TYPO3 versions prior to 13.0.1. Description: The TYPO3-specifi...

4.3 CVSS · 7.2 AI score · 0.00188 EPSS
Exploits: 0 · References: 14
NVD
added 2023/07/27 7:15 p.m. · 9 views

CVE-2023-38510

Tolgee is an open-source localization platform. Starting in version 3.14.0 and prior to version 3.23.1, when a request is made using an API key, the backend fails to verify the permission scopes associated with the key, effectively bypassing permission checks entirely for some endpoints. It's...

8.1 CVSS · 7.8 AI score · 0.00142 EPSS
Exploits: 0 · References: 4
RedHat Linux
added 2015/09/03 4:6 p.m. · 1 view

chromium-browser: Permission scoping error in WebRequest

The WebRequest API implementation in extensions/browser/api/webrequest/webrequestapi.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the request, which allows remote attackers to bypass intended access restrictions via a crafted (1) app or (2)...

7.5 CVSS · 7.4 AI score · 0.00872 EPSS
Exploits: 0 · References: 5