Lucene search
K

4 matches found

Cvelist
Cvelist
added 6 days ago21 views

CVE-2026-44736 OpenProject: Relations API Filter Bypasses Visibility Scope, Leaking Cross-Project Work Package Subjects

OpenProject is open-source, web-based project management software. Prior to 17.4.0, the GET /api/v3/relations endpoint allows any authenticated user to retrieve relations — and the subject title of work packages they have no permission to view — by supplying an arbitrary work package ID in the...

6.5CVSS0.00286EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 3:20 p.m.31 views

CVE-2026-8934 Cross-Project Information Leakage in Google App Engine UI

A Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine section of the Cloud Console allows an unauthenticated remote attacker to leak sensitive App Engine request logs from other projects using a specially crafted request. This vulnerability was patched ...

6.9CVSS0.00364EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 3:20 p.m.10 views

CVE-2026-8934

The CVE-2026-8934 describes a Missing Authorization vulnerability in a GraphQL private API operation within Google App Engine Cloud Console, enabling an unauthenticated attacker to leak sensitive App Engine request logs from other projects via a crafted request. Affected component: Google Cloud C...

6.9CVSS5.9AI score0.00364EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2018/07/31 2:29 p.m.21 views

CVE-2018-14432

In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all...

5.3CVSS6AI score0.01618EPSS
Exploits0References2
Rows per page
Query Builder