Lucene search
K

61 matches found

Cvelist
Cvelist
added 2026/04/10 3:58 p.m.24 views

CVE-2026-35595 Vikunja Affected by Privilege Escalation via Project Reparenting

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CanUpdate check at pkg/models/projectpermissions.go:139-148 only requires CanWrite on the new parent project when changing parentprojectid. However, Vikunja's permission model uses a recursive CTE that walks up th...

8.3CVSS0.0029EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/04/10 3:58 p.m.4 views

CVE-2026-35595 Vikunja Affected by Privilege Escalation via Project Reparenting

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CanUpdate check at pkg/models/projectpermissions.go:139-148 only requires CanWrite on the new parent project when changing parentprojectid. However, Vikunja's permission model uses a recursive CTE that walks up th...

8.3CVSS5.8AI score0.0029EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/10 3:33 p.m.5 views

EUVD-2026-21418

Vikunja vulnerable to Privilege Escalation via Project Reparenting...

8.3CVSS5.8AI score0.0029EPSS
Exploits1References4
OSV
OSV
added 2026/04/10 3:33 p.m.3 views

GHSA-2VQ4-854F-5C72 Vikunja vulnerable to Privilege Escalation via Project Reparenting

Summary A user with Write-level access to a project can escalate their permissions to Admin by moving the project under a project they own. After reparenting, the recursive permission CTE resolves ownership of the new parent as Admin on the moved project. The attacker can then delete the project,...

8.3CVSS5.8AI score0.0029EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/04/10 3:33 p.m.5 views

Vikunja vulnerable to Privilege Escalation via Project Reparenting

Summary A user with Write-level access to a project can escalate their permissions to Admin by moving the project under a project they own. After reparenting, the recursive permission CTE resolves ownership of the new parent as Admin on the moved project. The attacker can then delete the project,...

8.3CVSS5.8AI score0.0029EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.4 views

PT-2026-31946

Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.3.0 Description A permission escalation issue exists in Vikunja that allows a user with Write access to a project to escalate their permissions to Admin by moving the project under a project they own. This is due to...

8.3CVSS5.7AI score0.0029EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.4 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006809)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006809 advisory. In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change While PLL CPUX clock rate change whe...

5.5CVSS6.6AI score0.00271EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/05 12:0 a.m.1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988770)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988770 advisory. In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: Add NULL check in BE reparenting Add NULL check in dpcmbereparent API, to handle...

5.5CVSS6AI score0.00235EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/10/23 12:0 a.m.3 views

SUSE SLED15: libQt5Bootstrap-devel-static / libQt5Bootstrap-devel-static-32bit / etc (SUSE-SU-2025:3723-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3723-1 advisory. Security issues fixed: - CVE-2025-5455: processing of malformed data in qDecodeDataUrl can trigg...

8.4CVSS7.4AI score0.00343EPSS
Exploits0References7
SUSE Linux
SUSE Linux
added 2025/10/22 11:22 a.m.4 views

Security update for libqt5-qtbase

This update for libqt5-qtbase fixes the following issues: Security issues fixed: CVE-2025-5455: processing of malformed data in qDecodeDataUrl can trigger assertion and cause a crash bsc1243958. CVE-2025-30348: complex algorithm used in encodeText in QDom when processing XML data can cause low...

6.9CVSS7.1AI score0.00343EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986756)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986756 advisory. In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: Add NULL check in BE reparenting Add NULL check in dpcmbereparent API, to handle...

5.5CVSS6AI score0.00235EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-986329)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986329 advisory. In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: Add NULL check in BE reparenting Add NULL check in dpcmbereparent API, to handle...

5.5CVSS6AI score0.00235EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986534)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986534 advisory. In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: Add NULL check in BE reparenting Add NULL check in dpcmbereparent API, to handle...

5.5CVSS6AI score0.00235EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-25735

Malicious code in bioql PyPI...

7.8CVSS7.6AI score0.00125EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/07 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-38041

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - clk: sunxi-ng: h616: Reparent GPU clock during frequency changes The H616 manual does not state that the GPU PLL supports dynamic frequency configuration, so we...

5.5CVSS6.8AI score0.00137EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/06/20 8:3 p.m.6 views

CVE-2025-38041

In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h616: Reparent GPU clock during frequency changes The H616 manual does not state that the GPU PLL supports dynamic frequency configuration, so we must take extra care when changing the frequency. Currently any...

7CVSS7.4AI score0.00137EPSS
Exploits0References4
OSV
OSV
added 2025/06/18 10:15 a.m.5 views

AZL-70280 CVE-2025-38041 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h616: Reparent GPU clock during frequency changes The H616 manual does not state that the GPU PLL supports dynamic frequency configuration, so we must take extra care when changing the frequency. Currently any...

5.5CVSS5.7AI score0.00137EPSS
Exploits0References1
OSV
OSV
added 2025/06/18 10:15 a.m.3 views

UBUNTU-CVE-2025-38041

In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h616: Reparent GPU clock during frequency changes The H616 manual does not state that the GPU PLL supports dynamic frequency configuration, so we must take extra care when changing the frequency. Currently any...

5.5CVSS5.9AI score0.00137EPSS
Exploits0References12
CNNVD
CNNVD
added 2025/06/18 12:0 a.m.5 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the clk driver not properly re-parenting the H616 GPU clock frequency when it changes...

5.5CVSS8AI score0.00137EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 11:36 p.m.6 views

CVE-2022-20475

In test of ResetTargetTaskHelper.java, there is a possible hijacking of any app which sets allowTaskReparenting="true" due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product...

7.8CVSS6.7AI score0.00125EPSS
Exploits0References1
Rows per page
Query Builder