Lucene search
K

118 matches found

OSV
OSV
added 2026/06/29 6:1 a.m.5 views

BIT-GITLAB-2026-3176 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with limited permissions to access project information due to insufficient authorization...

3.1CVSS5.8AI score0.00182EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:29 p.m.6 views

CVE-2026-49355

OpenProject is open-source, web-based project management software. Prior to 17.4.0, GET /api/v3/meetings/:meetingid/agendaitems/:agendaitemid discloses private work package data from a linked work package that belongs to a private/inaccessible project. This vulnerability is fixed in 17.4.0...

4.3CVSS5.8AI score0.00214EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/25 5:16 a.m.12 views

CVE-2026-3176

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with limited permissions to access project information due to insufficient authorization...

3.1CVSS0.00182EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 4:34 a.m.6 views

EUVD-2026-39176

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with limited permissions to access project information due to insufficient authorization...

3.1CVSS5.9AI score0.00182EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52203

Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.6 through 18.11.5 GitLab EE versions 19.0 through 19.0.2 GitLab EE versions 19.1 through 19.1.0 Description Insufficient authorization checks could allow an authenticated user with limited permissions to access project...

3.1CVSS5.8AI score0.00182EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.16 views

GitLab 18.6 < 18.11.6 / 19.0 < 19.0.3 / 19.1 < 19.1.1 (CVE-2026-3176)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticate...

3.1CVSS5.9AI score0.00182EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/18 2:48 p.m.10 views

Authorization Bypass Through User-Controlled Key

Overview praisonai-platform is a Platform layer for PraisonAI — workspace, auth, issues, projects Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the createissue and update processes. An attacker can manipulate project statistics of another...

5.3CVSS5.8AI score0.00158EPSS
Exploits0References2
RustSec
RustSec
added 2026/06/10 12:0 p.m.16 views

`onering` 1.4.1 was removed from crates.io for malicious code

A new version of the onering crate was published with code that attempted to exfiltrate both metadata and code from the project it was included within. One malicious version was published on 2026-06-10, approximately six hours before removal. This crate has no dependencies on crates.io, and there...

5.6AI score
Exploits0Affected Software1
Snyk
Snyk
added 2026/06/05 9:43 p.m.9 views

Authorization Bypass Through User-Controlled Key

Overview bugsink is a Self-hosted Error Tracking Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the event lookup process. An attacker can access unauthorized event data by providing a valid event UUID belonging to another project. Note: Thi...

3.1CVSS5.5AI score0.00154EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/28 8:33 p.m.18 views

FUXA provides guest and invalid-token access to protected read APIs in secure mode

Summary When secureEnabled=true, FUXA 1.3.0-2773 still allows guest and invalid-token requests to read project, alarms, and scheduler APIs. Details In secure mode, requests with no token or an explicitly invalid token were still able to access protected read endpoints. Confirmed behavior: - guest...

5.9AI score0.00089EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/28 8:33 p.m.10 views

GHSA-R9G5-7Q8J-958C FUXA provides guest and invalid-token access to protected read APIs in secure mode

Summary When secureEnabled=true, FUXA 1.3.0-2773 still allows guest and invalid-token requests to read project, alarms, and scheduler APIs. Details In secure mode, requests with no token or an explicitly invalid token were still able to access protected read endpoints. Confirmed behavior: - guest...

6.9CVSS5.9AI score0.00089EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.19 views

PT-2026-44733

Name of the Vulnerable Software and Affected Versions FUXA version 1.3.0-2773 Description When secureEnabled is set to true, the software fails to properly restrict access to protected read endpoints. Requests made without a token or with an invalid token are treated as guest contexts rather than...

6.9CVSS5.8AI score0.00089EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.13 views

PT-2026-44163

Name of the Vulnerable Software and Affected Versions FUXA version 1.3.0 Description The '/api/project' endpoint exposes sensitive SCADA/HMI project configuration data to unauthenticated requests. This occurs because the secureFnc middleware utilizes a function that automatically generates a vali...

7.5CVSS5.1AI score0.00088EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/04/30 6:23 p.m.4 views

CVE-2026-40603

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...

6.5CVSS5.3AI score0.00241EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/30 6:23 p.m.6 views

CVE-2026-40603 Chartbrew: Incorrect Access Control in /api/project/dashboard/:brewName via same-team override

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...

6.5CVSS5.4AI score0.00241EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/30 6:23 p.m.13 views

EUVD-2026-26410

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...

6.5CVSS5.3AI score0.00241EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.9 views

PT-2026-36164

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged project members at the team level instead of binding the...

8.1CVSS5.4AI score0.00235EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/13 7:23 p.m.3 views

CVE-2026-32252

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.9.0, a cross-tenant authorization bypass exists in Chartbrew in GET /team/:teamid/template/generate/:projectid. The GET handler calls checkAccessreq,...

7.7CVSS5.8AI score0.00285EPSS
Exploits1References1
NVD
NVD
added 2026/04/10 8:16 p.m.4 views

CVE-2026-32252

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.9.0, a cross-tenant authorization bypass exists in Chartbrew in GET /team/:teamid/template/generate/:projectid. The GET handler calls checkAccessreq,...

7.7CVSS0.00285EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/10 7:17 p.m.20 views

CVE-2026-32252 Chartbrew Cross-Tenant Template Export and Secret Disclosure in `GET /team/:team_id/template/generate/:project_id`

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.9.0, a cross-tenant authorization bypass exists in Chartbrew in GET /team/:teamid/template/generate/:projectid. The GET handler calls checkAccessreq,...

7.7CVSS0.00285EPSS
Exploits1References2
Rows per page
Query Builder