5 matches found
EUVD-2024-2187
Malicious code in bioql PyPI...
CVE-2020-28002
In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner. With an empty value for the -D sonar.login option, anonymous authentication is forced. This allows creating and overwriting public and private projects via the /api/ce/submit endpoint...
CVE-2020-2321
A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Project Plugin 3.0 and earlier allows attackers to shelve, unshelve, or delete a project...
GHSA-W5XM-MX47-V7C8 lunary-ai/lunary allows users unauthorized access to projects
Withdrawn: This advisory was incorrectly linked to the npm package lunary. The advisory is valid, but not for that package. In lunary-ai/lunary version v1.2.13, an incorrect authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organizatio...
CVE-2024-4146
In Lunary (lunary-ai/lunary) v1.2.13, CVE-2024-4146 describes an incorrect authorization vulnerability in the checkProjectAccess middleware. The vulnerability stems from the middleware verifying only organization membership and failing to enforce explicit project-level permissions checked via the account_project t...