2391 matches found
CVE-2026-47422
CVE-2026-47422 affects the Frappe framework. An endpoint in reportview allowed unrestricted access to save_report due to missing permission checks prior to versions 15.107.5 and 16.18.2. The issue is fixed in those versions (15.107.5 and 16.18.2). The provided references include a GitHub advisory...
CVE-2026-59796
In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks...
CVE-2026-59796
In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks...
EUVD-2026-42914
In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks...
CVE-2026-59796
CVE-2026-59796 affects JetBrains TeamCity prior to 2026.1.2. The issue arises from improper permission checks that could allow pipeline modification. Documented impact is pipeline modification with high impact on confidentiality and integrity (per CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). N...
CVE-2026-53640
FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, low-privileged staff accounts may read sensitive data via admin API endpoints that lack permission checks. While sibling write endpoints correctly enforce fine-grained permissions, the corresponding...
CVE-2026-53643 FOSSBilling allows low-privileged staff accounts to perform unauthorized actions via admin API endpoints
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff accounts to perform unauthorized actions via admin API endpoints. The root cause is a combination of the canalwaysaccess module flag which grants all staff access to certain...
CVE-2026-53643
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff accounts to perform unauthorized actions via admin API endpoints. The root cause is a combination of the canalwaysaccess module flag which grants all staff access to certain...
CVE-2026-53913 Apache Camel Keycloak: KeycloakSecurityPolicy verifies the bearer access token only inside its role and permission checks, so in the default configuration the token is never verified and any non-null bearer value is accepted
Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely 'Failing Open' vulnerability in Apache Camel Keycloak Component. The KeycloakSecurityPolicy of camel-keycloak guards a route by running KeycloakSecurityProcessor.beforeProcess, which performs three checks ...
PT-2026-56036
Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description Low-privileged staff accounts can perform unauthorized actions through admin API endpoints. This issue stems from the can always access module flag, which grants all staff access to specific...
PT-2026-56033
Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description Low-privileged staff accounts can read sensitive data through admin API endpoints that lack proper permission checks. Although write endpoints enforce fine-grained permissions, the corresponding...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass due to insufficient permission checks in the process for updating or rebasing pull request branches. An attacker can gain unauthorized access or modify protected branches by exploiting this weakness. Remediation...
CVE-2026-27771
Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information...
CVE-2026-24690
Gitea versions before 1.25.5 have insufficient permission checks for updating or rebasing pull request branches...
CVE-2026-20909
Gitea versions before 1.25.5 have insufficient permission checks when listing tracked time entries...
CVE-2026-27660 Gitea draft releases use insufficient permission checks
Gitea versions before 1.25.5 allow draft release data or attachments to be accessed without the required write permission...
CVE-2026-27771
Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information...
CVE-2026-27771 Gitea Composer package source links use insufficient permission checks
Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information...
CVE-2026-27771
CVE-2026-27771 affects Gitea container registry prior to 1.26.2. The root cause is ReqContainerAccess not enforcing per-owner visibility, allowing ghost users (UserID: -1) to access private container images via standard OCI/Docker endpoints. Impact: unauthenticated access can expose private/inter...
CVE-2026-24690
Gitea before version 1.25.5 contains insufficient permission checks when updating or rebasing pull request branches, enabling an access control bypass. The issue affects the pull service logic (e.g., related to PR update/rebase paths) and has been addressed by upgrading to Gitea 1.25.5 or later. ...