16 matches found
CVE-2026-14340
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write operations on public repositories outside the token's intended scope. This was possible because the authorization...
EUVD-2026-41145
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write operations on public repositories outside the token's intended scope. This was possible because the authorization...
PT-2026-50134
Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description A scope escalation issue exists in the web archive download endpoint. A personal access token with any non-repository scope, such as read:issue or read:misc, can be used to download full...
RUSTSEC-2026-0048 CRL Distribution Point Scope Check Logic Error in AWS-LC
A logic error in CRL distribution point matching in AWS-LC allows a revoked certificate to bypass revocation checks during certificate validation, when the application enables CRL checking and uses partitioned CRLs with Issuing Distribution Point IDP extensions. Customers of AWS services do not...
NRF security vulnerabilities
nrf is a network repository feature module developed by free5GC. Version 1.4.0 of nrf contains a security vulnerability. This vulnerability stems from theAccessTokenScopeCheck function, which bypasses all scope verifications when using a specially crafted targetNF value, potentially allowing acce...
CVE-2025-46175
Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java...
EUVD-2024-35272
Malicious code in bioql PyPI...
EUVD-2022-7028
Malicious code in bioql PyPI...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to check before traversing the members of the ealist to ensure that each ea remains within the scope o...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from an abnormal interrupt in the drm/amdkfd module scope check cp bad operation...
BIT-CONCOURSE-2022-31683
Concourse 7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9 contains an authorization bypass issue. A Concourse user can send a request with body including :teamname=team2 to bypass team scope check to gain access to certain resources belong to any other team...
CVE-2023-34460 Tauri vulnerable to Regression on Filesystem Scope Checks for Dotfiles
Tauri is a framework for building binaries for all major desktop platforms. The 1.4.0 release includes a regression on the Filesystem scope check for dotfiles on Unix. Previously dotfiles were not implicitly allowed by the glob wildcard scopes eg. $HOME/, but a regression was introduced when a...
CVE-2022-31683
Concourse 7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9 contains an authorization bypass issue. A Concourse user can send a request with body including :teamname=team2 to bypass team scope check to gain access to certain resources belong to any other team...
CVE-2022-31683
Concourse 7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9 contains an authorization bypass issue. A Concourse user can send a request with body including :teamname=team2 to bypass team scope check to gain access to certain resources belong to any other team...
CVE-2022-31683
Concourse 7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9 contains an authorization bypass issue. A Concourse user can send a request with body including :teamname=team2 to bypass team scope check to gain access to certain resources belong to any other team...
CVE-2021-46517
There is an Assertion mjsstacksize&mjs-;scopes 0' failed at src/mjsexec.c in Cesanta MJS v2.20.0...