Lucene search
K

118 matches found

CVE
CVE
added 2026/04/10 7:17 p.m.13 views

CVE-2026-32252

CVE-2026-32252 – Chartbrew : A cross-tenant authorization bypass exists in GET /team/:team_id/template/generate/:project_id prior to 4.9.0. The handler calls checkAccess(req, "updateAny", "chart") without awaiting the promise and does not verify the project_id belongs to the caller’s team. As a r...

7.7CVSS5.8AI score0.00285EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/10 7:17 p.m.2 views

CVE-2026-32252

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.9.0, a cross-tenant authorization bypass exists in Chartbrew in GET /team/:teamid/template/generate/:projectid. The GET handler calls checkAccessreq,...

7.7CVSS5.8AI score0.00285EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/10 7:17 p.m.20 views

CVE-2026-32252 Chartbrew Cross-Tenant Template Export and Secret Disclosure in `GET /team/:team_id/template/generate/:project_id`

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.9.0, a cross-tenant authorization bypass exists in Chartbrew in GET /team/:teamid/template/generate/:projectid. The GET handler calls checkAccessreq,...

7.7CVSS0.00285EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/03/28 12:25 a.m.4 views

SUSE CVE-2026-33315

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, the Caldav endpoint allows login using Basic Authentication, which in turn allows users to bypass the TOTP on 2FA-enabled accounts. The user can then access standard project information that would normally be...

6.9CVSS5.8AI score0.00302EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:9 p.m.4 views

CVE-2026-33315

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, the Caldav endpoint allows login using Basic Authentication, which in turn allows users to bypass the TOTP on 2FA-enabled accounts. The user can then access standard project information that would normally be...

6.9CVSS5.8AI score0.00302EPSS
Exploits1References1
NVD
NVD
added 2026/03/24 3:16 p.m.11 views

CVE-2026-33315

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, the Caldav endpoint allows login using Basic Authentication, which in turn allows users to bypass the TOTP on 2FA-enabled accounts. The user can then access standard project information that would normally be...

6.9CVSS0.00302EPSS
Exploits1References3
CVE
CVE
added 2026/03/24 2:53 p.m.25 views

CVE-2026-33315

CVE-2026-33315 (Vikunja) is a vulnerability in Vikunja prior to version 2.2.0 where the Caldav endpoint allows login using Basic Authentication. This enables bypass of TOTP on accounts with 2FA enabled, allowing access to protected project information such as name and description. The issue is fi...

6.9CVSS5.8AI score0.00302EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/24 2:53 p.m.5 views

CVE-2026-33315 Vikunja has a 2FA Bypass via Caldav Basic Auth

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, the Caldav endpoint allows login using Basic Authentication, which in turn allows users to bypass the TOTP on 2FA-enabled accounts. The user can then access standard project information that would normally be...

6.9CVSS6.3AI score0.00302EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/03/24 2:53 p.m.21 views

CVE-2026-33315 Vikunja has a 2FA Bypass via Caldav Basic Auth

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, the Caldav endpoint allows login using Basic Authentication, which in turn allows users to bypass the TOTP on 2FA-enabled accounts. The user can then access standard project information that would normally be...

6.9CVSS0.00302EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/20 5:25 p.m.6 views

Vikunja has a 2FA Bypass via Caldav Basic Auth

Summary The Caldav endpoint allows login using Basic Authentication, which in turn allows users to bypass the TOTP on 2FA-enabled accounts. The user can then access standard project information that would normally be protected behind 2FA if enabled, such as project name, description, etc. Details...

6.9CVSS5.8AI score0.00302EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.6 views

PT-2026-26752

Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.1.0 Description The Caldav endpoint allows login using Basic Authentication, which bypasses the TOTP for accounts with 2FA enabled. This allows access to project information normally protected by 2FA, such as projec...

6.9CVSS5.9AI score0.00302EPSS
Exploits1References6
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/20 12:0 a.m.9 views

Vikunja has a 2FA Bypass via Caldav Basic Auth

The Caldav endpoint allows login using Basic Authentication, which in turn allows users to bypass the TOTP on 2FA-enabled accounts. The user can then access standard project information that would normally be protected behind 2FA if enabled, such as project name, description, etc...

6.9CVSS5.8AI score0.00302EPSS
Exploits1References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/12 12:0 a.m.8 views

GitLab 13.2 < 18.4.6 / 18.5 < 18.5.4 / 18.6 < 18.6.2 (CVE-2025-11247)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab EE affecting all versions from 13.2 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to disclose sensiti...

4.3CVSS5.6AI score0.00205EPSS
Exploits0References5
OSV
OSV
added 2026/02/04 9:15 p.m.9 views

CVE-2025-27550

IBM Jazz Reporting Service could allow an authenticated user on the host network to obtain sensitive information about other projects that reside on the server...

3.5CVSS5.8AI score0.00207EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.10 views

IBM Jazz Reporting Service(JRS) 安全漏洞

The IBM Jazz Reporting Service JRS is a ready-to-use reporting component developed by the American multinational company International Business Machines, Inc. IBM. This product includes functions such as report generation, data collection, and lifecycle querying. There is a security vulnerability...

3.5CVSS5.8AI score0.00207EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:52 a.m.3 views

CVE-2021-2258

Vulnerability in the Oracle Projects product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Projects...

8.1CVSS6.6AI score0.00987EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:32 a.m.7 views

CVE-2024-39888

A vulnerability has been identified in Mendix Encryption All versions = V10.0.0 V10.0.2. Affected versions of the module define a specific hard-coded default value for the EncryptionKey constant, which is used in projects where no individual EncryptionKey was specified. This could allow to an...

8.7CVSS6.7AI score0.00244EPSS
Exploits0References1
Snyk
Snyk
added 2025/12/26 6:30 a.m.2 views

Exposure of Sensitive Information Due to Incompatible Policies

Overview Affected versions of this package are vulnerable to Exposure of Sensitive Information Due to Incompatible Policies due to insufficient access validation to private user projects. An attacker can gain unauthorized access to sensitive project information by directly accessing private proje...

8.6CVSS6.6AI score0.00328EPSS
Exploits0References2
OSV
OSV
added 2025/12/18 12:3 p.m.5 views

BIT-GITLAB-2025-11247 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 13.2 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to disclose sensitive information from private projects by executing specifically crafted GraphQL queries...

4.3CVSS6.2AI score0.00205EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/11 4:4 a.m.5 views

EUVD-2025-202647

GitLab has remediated an issue in GitLab EE affecting all versions from 13.2 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to disclose sensitive information from private projects by executing specifically crafted GraphQL queries...

4.3CVSS5.8AI score0.00205EPSS
Exploits0References4
Rows per page
Query Builder