5 matches found
CVE-2026-44735
OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the GET /api/v3/shares endpoint returns share details for ALL work packages in a project to any user with the viewsharedworkpackages permission. The authorization check operates at the project level onl...
CVE-2026-35488
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, RecipeBookViewSet and RecipeBookEntryViewSet use CustomIsShared as an alternative permission class, but CustomIsShared.hasobjectpermission returns True for all HTTP methods —...
EUVD-2019-6463
Malware in sbrugna...
PT-2024-35347 · Nextcloud · Nextcloud Tables
Name of the Vulnerable Software and Affected Versions: Nextcloud Tables versions prior to 0.8.1 Description: The issue concerns the sharing of table information in Nextcloud Tables, where the details about which table identified by a numeric ID is shared with specific groups and users, along with...
USN-4271-1 mesa vulnerability
Tim Brown discovered that Mesa incorrectly handled shared memory permissions. A local attacker could use this issue to obtain and possibly alter sensitive information belonging to another user...