10 matches found
CVE-2026-44678
Tuist is a virtual platform team for Swift app devs. In 1.180.8 and earlier, the DELETE /api/projects/accounthandle/projecthandle/previews/previewid endpoint loads the preview by its UUID without verifying that the preview belongs to the project resolved from the URL path. The route's project-lev...
PT-2026-31949
Summary: The CalDAV GetResource and GetResourcesByList methods fetch tasks by UID from the database without verifying that the authenticated user has access to the task's project. Any authenticated CalDAV user who knows or guesses a task UID can read the full task data from any project on the...
EUVD-2021-24840
Malware in sbrugna...
EUVD-2022-48991
Malicious code in bioql PyPI...
CVE-2020-10083
GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied...
PT-2021-22102 · Unknown · Central Dogma
Name of the Vulnerable Software and Affected Versions: Central Dogma, affected versions not specified. Description: The issue allows for privilege escalation through mirroring to the internal dogma repository, which contains a file that manages project authorization. Recommendations: At the moment,...
CVE-2020-10083
GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied...
CVE-2020-10083
GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied...
CVE-2020-10083
Removed by vendor...
CVE-2020-10083
CVE-2020-10083 affects GitLab 12.7–12.8.1. The issue is described as insecure permissions where, under certain conditions involving groups, project authorization changes were not being applied. The root cause is related to failure to update project authorizations, which could impact the intended ...