Lucene search
K

22 matches found

Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-59709 Ghostfolio - Unauthorized Portfolio Holding Tag Modification via Missing Permission Check

Ghostfolio's PUT /api/v1/portfolio/holding/:dataSource/:symbol/tags endpoint fails to verify Access.permissions field when processing the Impersonation-Id header, allowing read-only access grantees to modify portfolio holding tags. Attackers with valid read-only share tokens can assign or remove...

5.3CVSS0.002EPSS
Exploits0References4
CVE
CVE
added 3 days ago10 views

CVE-2026-59709

Ghostfolio CVE-2026-59709 affects the PUT /api/v1/portfolio/holding/:dataSource/:symbol/tags endpoint. The root cause is a missing verification of Access.permissions when processing the Impersonation-Id header, allowing read-only access grantees to modify portfolio holding tags. Attackers with va...

5.3CVSS6AI score0.002EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-59709

Ghostfolio's PUT /api/v1/portfolio/holding/:dataSource/:symbol/tags endpoint fails to verify Access.permissions field when processing the Impersonation-Id header, allowing read-only access grantees to modify portfolio holding tags. Attackers with valid read-only share tokens can assign or remove...

5.3CVSS6AI score0.002EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.8 views

Gogs 安全漏洞

Gogs Go Git Service is a Go-based self-service Git hosting service developed by the Gogs team. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Gogs versions 0.13.3 and earlier have a security vulnerability. This vulnerabilit...

6.5CVSS5.8AI score0.00282EPSS
Exploits0References1
NVD
NVD
added 2026/01/08 2:15 p.m.6 views

CVE-2025-14025

A flaw was found in Ansible Automation Platform AAP. Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services e.g., Controller, Hub, EDA. If thi...

8.5CVSS0.00389EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/01/08 2:13 p.m.4 views

ansible-automation-platform/aap-gateway: aap-gateway: Read-only Personal Access Token (PAT) bypasses write restrictions

A flaw was found in Ansible Automation Platform AAP. Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services e.g., Controller, Hub, EDA. If thi...

8.5CVSS5.7AI score0.00389EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/01/08 2:12 p.m.13 views

ansible-automation-platform/aap-gateway: aap-gateway: Read-only Personal Access Token (PAT) bypasses write restrictions

A flaw was found in Ansible Automation Platform AAP. Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services e.g., Controller, Hub, EDA. If thi...

8.5CVSS5.7AI score0.00389EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/08 1:44 p.m.20 views

CVE-2025-14025 Ansible-automation-platform/aap-gateway: aap-gateway: read-only personal access token (pat) bypasses write restrictions

A flaw was found in Ansible Automation Platform AAP. Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services e.g., Controller, Hub, EDA. If thi...

8.5CVSS0.00389EPSS
Exploits0References7
CVE
CVE
added 2026/01/08 1:44 p.m.27 views

CVE-2025-14025

CVE-2025-14025 affects Red Hat Ansible Automation Platform (AAP) where read-only OAuth2 tokens bypass gateway write restrictions, enabling write operations to backend services (Controller, Hub, EDA) limited only by RBAC. The issue is fixed via Red Hat advisories RHSA-2026:0360/0361, which note a ...

8.5CVSS6.2AI score0.00389EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.8 views

PT-2026-1730

Name of the Vulnerable Software and Affected Versions Ansible Automation Platform AAP affected versions not specified Description A flaw exists in Ansible Automation Platform AAP where read-only scoped OAuth2 API Tokens, enforced at the Gateway level for Gateway-specific operations, can be used t...

8.5CVSS6.4AI score0.00389EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2025/10/14 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-11340

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed...

7.7CVSS5.5AI score0.00349EPSS
Exploits0References2
OSV
OSV
added 2025/10/11 9:4 a.m.5 views

BIT-GITLAB-2025-11340 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scope...

7.7CVSS6.8AI score0.00349EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/10 12:25 p.m.4 views

CVE-2025-11340

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scope...

7.7CVSS6.6AI score0.00349EPSS
Exploits0References1
OSV
OSV
added 2025/10/09 12:15 p.m.11 views

UBUNTU-CVE-2025-11340

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scope...

7.7CVSS5.8AI score0.00349EPSS
Exploits0References4
OSV
OSV
added 2025/10/09 12:4 p.m.5 views

CVE-2025-11340 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scope...

7.7CVSS6.4AI score0.00349EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/10/09 12:4 p.m.2 views

CVE-2025-11340 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scope...

7.7CVSS6.4AI score0.00349EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/09 12:4 p.m.5 views

EUVD-2025-33333

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scope...

7.7CVSS6.3AI score0.00349EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/10/09 12:4 p.m.8 views

CVE-2025-11340 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scope...

7.7CVSS0.00349EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/10/09 12:4 p.m.4 views

CVE-2025-11340

Removed by vendor...

7.7CVSS5.8AI score0.00349EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2023/08/29 5:35 p.m.41 views

Improper log output when using GitHub Status Notifications in spinnaker

Impact ONLY IMPACTS those use GitHub Status Notifications Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log system, the...

5.3CVSS6.8AI score0.00324EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder