11 matches found
CVE-2026-52779
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, a cross-project IDOR / authorization context confusion in the Calendar and Team Planner modules allows a user with management permissions in one project to delete public Calendar or Team Planner Queries...
CVE-2026-44678
Tuist is a virtual platform team for Swift app devs. In 1.180.8 and earlier, the DELETE /api/projects/accounthandle/projecthandle/previews/previewid endpoint loads the preview by its UUID without verifying that the preview belongs to the project resolved from the URL path. The route's project-lev...
PT-2026-31949
Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.3.0 Description The CalDAV GetResource and GetResourcesByList methods retrieve tasks by UID from the database without verifying the authenticated user's access to the task's project. This allows any authenticated...
EUVD-2021-24840
Malware in sbrugna...
EUVD-2022-48991
Malicious code in bioql PyPI...
CVE-2020-10083
GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied...
PT-2021-22102 · Unknown · Central Dogma
Name of the Vulnerable Software and Affected Versions: Central Dogma affected versions not specified Description: The issue allows for privilege escalation through mirroring to the internal dogma repository, which contains a file that manages project authorization. Recommendations: At the moment,...
CVE-2020-10083
GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied...
CVE-2020-10083
GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied...
CVE-2020-10083
Removed by vendor...
CVE-2020-10083
CVE-2020-10083 affects GitLab 12.7–12.8.1. The issue is described as insecure permissions where, under certain conditions involving groups, project authorization changes were not being applied. The root cause is related to failure to update project authorizations, which could impact the intended ...