35 matches found
CVE-2026-34244 Weblate: SSRF via Project-Level Machinery Configuration
Weblate is a web-based localization tool. In versions prior to 5.17, a user with the project.edit permission granted by the per-project "Administration" role can configure machine translation service URLs pointing to arbitrary internal network addresses. During configuration validation, Weblate...
GHSA-6X34-89P7-95WG Rancher has downstream cluster privilege escalation through cluster and project role template binding (CRTB/PRTB)
Impact An issue was discovered in Rancher versions up to and including 2.5.15 and 2.6.6 where a flaw with authorization logic allows privilege escalation through cluster role template binding (CRTB) and project role template binding (PRTB). This issue does not affect the local cluster, it affects onl...
CVE-2026-2620
A weakness has been identified in Huace Monitoring and Early Warning System 2.2. Affected by this issue is some unknown functionality of the file /Web/SysManage/ProjectRole.aspx. Manipulating the argument ID can lead to SQL injection. It is possible to launch the attack remotely. T...
CVE-2026-2620 Huace Monitoring and Early Warning System ProjectRole.aspx sql injection
A weakness has been identified in Huace Monitoring and Early Warning System 2.2. Affected by this issue is some unknown functionality of the file /Web/SysManage/ProjectRole.aspx. Manipulating the argument ID can lead to SQL injection. It is possible to launch the attack remotely. T...
CVE-2026-2620
Huace Monitoring and Early Warning System version 2.2 is affected by a SQL injection in the web application path /Web/SysManage/ProjectRole.aspx when the ID parameter is manipulated. The vulnerability is exploitable remotely, with public exploits available, and the vendor has not responded to dis...
Huace Monitoring and Early Warning System SQL Injection Vulnerability
The Huace Monitoring and Early Warning System is a geological structure and safety monitoring platform developed by Huace Corporation. Version 2.2 of the Huace Monitoring and Early Warning System contains an SQL injection vulnerability. This vulnerability arises from incorrect handling of...
PT-2026-20337
Name of the Vulnerable Software and Affected Versions Huace Monitoring and Early Warning System version 2.2 Description A weakness exists in Huace Monitoring and Early Warning System 2.2, specifically within an unknown functionality of the /Web/SysManage/ProjectRole.aspx file. Manipulating the ID...
CVE-2026-24885 Kanboard Affected by Cross-Site Request Forgery (CSRF) via Content-Type Misconfiguration in Project Role Assignment
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery (CSRF) vulnerability exists in the ProjectPermissionController within the Kanboard application. The application fails to strictly enforce the application/json Content-Type for the...
CVE-2026-24885
Kanboard (Kanban project management software) is affected by a CSRF flaw in the ProjectPermissionController prior to version 1.2.50. The root cause is the server not strictly enforcing Content-Type: application/json for the changeUserRole action, accepting text/plain despite a JSON body. This all...
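The Kanboard entry above describes the mechanism only in outline. The following added example (not Kanboard's own code, and not from any advisory on this page) models why a JSON endpoint that also accepts text/plain becomes reachable from a third-party origin: browsers skip the CORS preflight for "simple" requests, and text/plain is on the safelist while application/json is not. The handler names laxChangeUserRole and strictChangeUserRole, the 415 status, and the forged request body are assumptions chosen for illustration; the general preflight rule shown goes beyond the single case in the advisory.

```javascript
// Added example, not project code. Models the browser's preflight decision for a
// cross-origin request and contrasts a lax server check with a strict one.
//
// A cross-origin request is sent without a CORS preflight (OPTIONS) only if it
// is "simple": GET/HEAD/POST, only CORS-safelisted headers, and a Content-Type
// of application/x-www-form-urlencoded, multipart/form-data or text/plain.
// An application/json body always triggers a preflight, which a server that
// does not opt in via CORS headers fails, so the forged request never reaches
// the action handler. Accepting text/plain as JSON removes that barrier.

const SAFELISTED_TYPES = new Set([
  'application/x-www-form-urlencoded',
  'multipart/form-data',
  'text/plain',
]);
const SAFELISTED_HEADERS = new Set([
  'accept', 'accept-language', 'content-language', 'content-type',
]);

// Drop parameters such as "; charset=utf-8" and normalise case.
function mediaType(contentType) {
  return String(contentType || '').split(';')[0].trim().toLowerCase();
}

// True when a browser would send a preflight before this cross-origin request.
function needsPreflight(method, headers) {
  if (!['GET', 'HEAD', 'POST'].includes(method.toUpperCase())) return true;
  for (const name of Object.keys(headers)) {
    if (!SAFELISTED_HEADERS.has(name.toLowerCase())) return true;
  }
  if (headers['content-type'] !== undefined &&
      !SAFELISTED_TYPES.has(mediaType(headers['content-type']))) return true;
  return false;
}

// Lax handler (the flaw class described above): parses whatever arrives as JSON
// regardless of the declared Content-Type. Hypothetical name.
function laxChangeUserRole(req) {
  const body = JSON.parse(req.body);
  return { accepted: true, role: body.role };
}

// Hardened handler: the body is parsed only when the declared media type is
// application/json. Such a request cannot be "simple", so a forged cross-origin
// submission is stopped at the preflight. This complements, and does not
// replace, a per-request CSRF token. Hypothetical name; 415 chosen here.
function strictChangeUserRole(req) {
  if (mediaType(req.headers['content-type']) !== 'application/json') {
    return { accepted: false, status: 415 };
  }
  const body = JSON.parse(req.body);
  return { accepted: true, role: body.role };
}

// Constructed forged request: what an attacker page produces with
// fetch(url, { method: 'POST', mode: 'no-cors', credentials: 'include', body })
// where body is a plain string, which defaults to text/plain;charset=UTF-8.
// The victim's session cookie is attached by the browser.
const forged = {
  method: 'POST',
  headers: { 'content-type': 'text/plain;charset=UTF-8' },
  body: JSON.stringify({ project_id: 1, user_id: 2, role: 'project-manager' }),
};

// Runs the comparison and returns the outcome of each check.
function demo() {
  return {
    forgedIsSimple: !needsPreflight(forged.method, forged.headers),
    jsonNeedsPreflight: needsPreflight('POST', { 'content-type': 'application/json' }),
    lax: laxChangeUserRole(forged),
    strict: strictChangeUserRole(forged),
  };
}

console.log(demo());
```

The strict check is a defence in depth: a same-origin page, or an origin the server has explicitly allowed through CORS, can still send application/json, so the endpoint also needs a CSRF token or an equivalent origin check.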
EUVD-2016-5318
Malware in sbrugna...
Improper Access Control
github.com/rancher/rancher is vulnerable to Improper Access Control. The vulnerability is due to incomplete cleanup of access bindings, specifically when a Project Role linked to a group is removed from a project, which fails to delete the bindings granting access to cluster scoped resources...
SUSE CVE-2019-19687
OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials,...
Privilege Escalation
github.com/rancher/rancher is vulnerable to Privilege Escalation. The vulnerability exists due to a flaw in the authorization logic, which allows an attacker to escalate permissions for any *-promoted resource in any cluster through the project role template binding (PRTB) and *-promoted roles...
GHSA-7M72-MH5R-6J3R Privilege escalation in project role template binding (PRTB) and *-promoted roles
Impact An issue was discovered in Rancher versions from 2.5.0 up to and including 2.5.16 and from 2.6.0 up to and including 2.6.9, where an authorization logic flaw allows privilege escalation via project role template binding (PRTB) and *-promoted roles. This issue is not present in Rancher 2.7...
CVE-2022-31247 Rancher: Downstream cluster privilege escalation through cluster and project role template binding (CRTB/PRTB)
An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role template bindings or project role template bindings such as cluster-owner, manage cluster members, project-owner and manage project members to gain owner permission in another...
PT-2022-4713
Name of the Vulnerable Software and Affected Versions SUSE Rancher versions prior to 2.6.7 SUSE Rancher versions prior to 2.5.16 Description The issue is related to an Improper Authorization vulnerability in SUSE Rancher. It allows any user with permissions to create or edit cluster role template...