31 matches found

RedhatCVE, added 2026/05/12 8:22 p.m.

CVE-2026-44987

SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" functionality enabled non-default, they can res...

CVSS 3.8, AI score 5.7, EPSS 0.00025; Exploits: 0, References: 1
NVD, added 2026/05/08 11:16 p.m.

CVE-2026-44987

SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" functionality enabled non-default, they can res...

CVSS 3.8, EPSS 0.00025; Exploits: 0, References: 2
EUVD, added 2026/05/08 9:59 p.m.

EUVD-2026-28870

SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" functionality enabled non-default, they can res...

CVSS 3.8, AI score 5.7, EPSS 0.00025; Exploits: 0, References: 2
OSV, added 2026/04/10 3:33 p.m.

GHSA-2VQ4-854F-5C72 Vikunja vulnerable to Privilege Escalation via Project Reparenting

Summary A user with Write-level access to a project can escalate their permissions to Admin by moving the project under a project they own. After reparenting, the recursive permission CTE resolves ownership of the new parent as Admin on the moved project. The attacker can then delete the project,...

CVSS 8.3, AI score 5.8, EPSS 0.00041; Exploits: 1, References: 6
Snyk, added 2026/03/25 9:21 p.m.

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the Delete process. An attacker can remove link shares from projects they do not own by specifying a valid share ID and a project ID for which they have admin rights. Remediation...

CVSS 6.9, AI score 6.4, EPSS 0.00047; Exploits: 0, References: 2
Snyk, added 2026/03/25 9:21 p.m.

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the Delete process. An attacker can remove link shares from projects they do not own by specifying a valid share ID and a project ID for which they have admin rights. Remediation...

CVSS 6.9, AI score 5.9, EPSS 0.00047; Exploits: 0, References: 2
SUSE CVE, added 2026/01/06 12:24 a.m.

SUSE CVE-2025-67508

gardenctl is a command-line client for the Gardener which configures access to clusters and cloud provider CLI tools. When using non-POSIX shells such as Fish and PowerShell, versions 2.11.0 and below of gardenctl allow an attacker with administrative privileges for a Gardener project to craft...

CVSS 8.4, AI score 6.8, EPSS 0.0003; Exploits: 0, References: 2
OSV, added 2025/12/12 5:20 a.m.

CVE-2025-67508 gardenctl is vulnerable to Command Injection when used with non-POSIX shells

gardenctl is a command-line client for the Gardener which configures access to clusters and cloud provider CLI tools. When using non-POSIX shells such as Fish and PowerShell, versions 2.11.0 and below of gardenctl allow an attacker with administrative privileges for a Gardener project to craft...

CVSS 8, AI score 6.6, EPSS 0.0003; Exploits: 0, References: 3
EUVD, added 2025/10/03 8:07 p.m.

EUVD-2025-31400

Malicious code in bioql PyPI...

CVSS 8.1, AI score 6.6, EPSS 0.00047; Exploits: 0, References: 2
EUVD, added 2025/10/03 8:07 p.m.

EUVD-2021-32449

Malicious code in bioql PyPI...

CVSS 6, AI score 5.4, EPSS 0.00164; Exploits: 0, References: 1
EUVD, added 2025/10/03 8:07 p.m.

EUVD-2025-8449

Malicious code in bioql PyPI...

CVSS 7.2, AI score 6.3, EPSS 0.00241; Exploits: 0, References: 2
Vulnrichment, added 2025/09/27 1:01 a.m.

CVE-2025-59945 SysReptor Susceptible to Privilege Escalation by Authenticated Users

SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged non-admin users can assign the is_project_admin permission to their own user. This allows users to read, modify and delete pentesting projects they are not member...

CVSS 8.1, AI score 6.2, EPSS 0.00047; Exploits: 0, References: 2
Cvelist, added 2025/09/27 1:01 a.m.

CVE-2025-59945 SysReptor Susceptible to Privilege Escalation by Authenticated Users

SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged non-admin users can assign the is_project_admin permission to their own user. This allows users to read, modify and delete pentesting projects they are not member...

CVSS 8.1, EPSS 0.00047; Exploits: 0, References: 2
CVE, added 2025/09/27 1:01 a.m.

CVE-2025-59945

Vulnerability summary (CVE-2025-59945): SysReptor (Syslifters) versions 2024.74 through 2025.82 allow authenticated, non-admin users to grant themselves the is_project_admin privilege, enabling reading, modifying, and deleting pentest projects they are not members of. This is mitigated in version...

CVSS 8.1, AI score 6.2, EPSS 0.00047; Exploits: 0, References: 2, Affected Software: 1
Positive Technologies, added 2025/09/27 12:00 a.m.

PT-2025-39701

Name of the Vulnerable Software and Affected Versions: SysReptor versions 2024.74 through 2025.82. Description: Authenticated, unprivileged users can assign the is_project_admin permission to themselves, granting them unauthorized access to read, modify, and delete pentesting projects they are not...

CVSS 8.1, AI score 6.5, EPSS 0.00047; Exploits: 0, References: 10
RedhatCVE, added 2025/05/22 9:08 p.m.

CVE-2021-45730

JFrog Artifactory prior to 7.31.10 is vulnerable to Broken Access Control, where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should only be available to Platform Administrators...

CVSS 6, AI score 6.8, EPSS 0.00164; Exploits: 0
CVE, added 2024/05/23 12:53 p.m.

CVE-2024-35224

OpenProject contains a Stored XSS in the Cost Report feature caused by misconfigured tablesorter. The vulnerability allows an attacker with Edit work packages and Add attachments permissions to store JavaScript via a ticket attachment, bypassing CSP and potentially escalating privileges to a Syst...

CVSS 7.6, AI score 7.3, EPSS 0.00211; Exploits: 0, References: 2, Affected Software: 1
NVD, added 2024/03/07 12:15 p.m.

CVE-2024-28230

In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions...

CVSS 6.5, AI score 6.4, EPSS 0.00003; Exploits: 0, References: 1
CVE, added 2024/03/07 11:40 a.m.

CVE-2024-28230

Summary of CVE-2024-28230 : JetBrains YouTrack versions prior to 2024.1.25893 allow attaching/detaching a workflow to a project without project admin permissions, enabling possible unauthorized workflow management. Reported by Red Hat and other sources, with CVSS v3.1 base score 6.5 (Medium) / Ne...

CVSS 6.5, AI score 6.4, EPSS 0.00003; Exploits: 0, References: 1, Affected Software: 1
OSV, added 2024/03/06 10:51 a.m.

BIT-ARTIFACTORY-2021-45730

JFrog Artifactory prior to 7.31.10 is vulnerable to Broken Access Control, where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should only be available to Platform Administrators...

CVSS 6, AI score 5.2, EPSS 0.00164; Exploits: 0, References: 2