Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2026/05/26 9:0 a.m.19 views

CVE-2026-2725

A flaw was found in Gerrit. An authenticated attacker with force push permissions on a secondary branch can exploit an incorrect authorization vulnerability within the "submitted together" feature. By crafting a submission that matches the "topic" tag of an unapproved change, the attacker can...

6.5CVSS5.8AI score0.00116EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/13 6:30 p.m.10 views

EUVD-2026-29910

Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" ta...

6CVSS5.9AI score0.00116EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/13 5:32 a.m.56 views

CVE-2026-2725 Improper Authorization in Gerrit allowing Code Review Bypass via "Submitted Together"

Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" ta...

6CVSS0.00116EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 5:32 a.m.22 views

CVE-2026-2725

Gerrit CVE-2026-2725 affects Gerrit versions 2.12 and later due to an incorrect authorization in the "submitted together" feature. An authenticated attacker with force-push permissions on a secondary branch can bypass code review and forcefully submit code to restricted branches by submitting a c...

6CVSS5.9AI score0.00116EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/13 5:32 a.m.7 views

CVE-2026-2725 Improper Authorization in Gerrit allowing Code Review Bypass via "Submitted Together"

Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" ta...

6CVSS5.9AI score0.00116EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/01 11:1 p.m.3 views

CVE-2026-34738

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's video processing pipeline accepts an overrideStatus request parameter that allows any uploader to set a video's status to any valid state, including "active" a. This bypasses the admin-controlled moderation and dra...

4.3CVSS6AI score0.00238EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/31 8:55 p.m.1 views

CVE-2026-34738

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's video processing pipeline accepts an overrideStatus request parameter that allows any uploader to set a video's status to any valid state, including "active" a. This bypasses the admin-controlled moderation and dra...

4.3CVSS5.9AI score0.00238EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.3 views

PT-2026-29365

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 26.0 Description AVideo is an open source video platform. Versions 26.0 and earlier allow any uploader to set a video’s status to any valid state, including "active", through the overrideStatus request parameter. This...

4.3CVSS5.9AI score0.00238EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-12613

Malicious code in bioql PyPI...

8.5CVSS6.3AI score0.00618EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/03/13 12:0 a.m.3 views

WordPress plugin Page Builder: Pagelayer – Drag and Drop website builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Page Builder: Pagelayer - Dra...

4.3CVSS8.3AI score0.00269EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/03/15 4:33 p.m.42 views

Users with `create` but not `override` privileges can perform local sync

Impact "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it allows the user to bypass any merge protections in git. An improper...

6.4CVSS7.1AI score0.00532EPSS
Exploits0References5Affected Software2
Positive Technologies
Positive Technologies
added 2023/11/24 12:0 a.m.7 views

PT-2023-30775 · Unknown · Capsule-Proxy

Name of the Vulnerable Software and Affected Versions: capsule-proxy versions prior to 0.4.6 Description: The issue is a privilege escalation vulnerability based on a missing check if the user is authenticated based on the TokenReview result. This affects clusters running with the anonymous-auth...

9.8CVSS7.3AI score0.00574EPSS
Exploits1References8
Rows per page
Query Builder