PT-2026-44163

Name of the Vulnerable Software and Affected Versions FUXA version 1.3.0 Description The '/api/project' endpoint exposes sensitive SCADA/HMI project configuration data to unauthenticated requests. This occurs because the secureFnc middleware utilizes a function that automatically generates a vali...

MantisBT Authorization Issue Vulnerability (CNVD-2025-28527)

MantisBT is a Web-based open source defect tracking system of the MantisBT team . The system provides project management and defect tracking services in the form of Web operations. An authorization issue vulnerability exists in MantisBT 2.27.1 and earlier versions, which stems from insufficient...

MantisBT 授权问题漏洞

MantisBT is a Web-based open source defect tracking system of the MantisBT team . The system provides project management and defect tracking services in the form of Web operations. An authorization issue vulnerability exists in MantisBT 2.27.1 and earlier versions, which stems from insufficient...

GO-2024-3013 Harbor fails to validate the user permissions when updating project configurations in github.com/goharbor/harbor

Harbor fails to validate the user permissions when updating project configurations in github.com/goharbor/harbor...

Improper Permission Validation

github.com/goharbor/harbor is vulnerable to Improper Permission Validation. The vulnerability is due to the failure to validate maintainer role permissions when updating project configurations. Attackers can exploit this by sending requests to create, update, or delete metadata in a project they ...

GHSA-HW28-333W-QXP3 Harbor fails to validate the user permissions when updating project configurations

Impact Harbor fails to validate the maintainer role permissions when creating/updating/deleting project configurations - API call: - PUT /projects/projectnameorid/metadatas/metaname - POST /projects/projectnameorid/metadatas/metaname - DELETE /projects/projectnameorid/metadatas/metaname By sendin...

Harbor fails to validate the user permissions when updating project configurations

Impact Harbor fails to validate the maintainer role permissions when creating/updating/deleting project configurations - API call: - PUT /projects/projectnameorid/metadatas/metaname - POST /projects/projectnameorid/metadatas/metaname - DELETE /projects/projectnameorid/metadatas/metaname By sendin...

Zabbix Security Vulnerabilities

Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring. A security vulnerability exists in Zabbix that stems from a security flaw in the Proxy, Server component that allows an attacker with...

Privilege Escalation

gitlab is vulnerable to Privilege Escalation. This vulnerability occurs due to a flaw in the way that GitLab handles project tokens. An attacker with the "Maintainer" role on any project can exploit this vulnerability to gain the "Internal" role on the same project, which grants them elevated...

The vulnerability of the Schneider Electric Easergy Builder software for configuring controllers arises from improperly implemented data filtering during input processing. This allows attackers to alter the contents of project configuration files.

The vulnerability of the Schneider Electric Easergy Builder software for configuring controllers is related to improperly implemented data filtering. Exploiting this vulnerability allows a malicious actor to remotely modify the contents of project configuration files...

CVE-2020-2197

Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format...