Lucene search
+L

3 matches found

Cvelist
Cvelist
added 2026/06/26 6:59 p.m.44 views

CVE-2026-52782 OpenProject: IDOR through /projects/<A>/settings/project_storages/<A_ps_id> via PATCH parameter "storages_project_storage[project_folder_id]" leads to Access to Unauthorized Resources

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is an IDOR through /projects//settings/projectstorages/ via PATCH parameter "storagesprojectstorageprojectfolderid" leads to Access to Unauthorized Resources. A project-admin in one project can...

9.9CVSS0.00258EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/19 2:25 p.m.25 views

CVE-2024-3684 Improper Privilege Management was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console

A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance when configuring the Artifacts & Logs and Migrations Storage. Exploitation of this vulnerability...

8CVSS8.2AI score0.01095EPSS
Exploits0References4
OSV
OSV
added 2016/04/11 9:59 p.m.1 views

DEBIAN-CVE-2015-5313

Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storagebackendfs.c in libvirt, when fine-grained Access Control Lists ACL are in effect, allows local users with storagevol:create ACL but not domain:write permission to write to arbitrary files via ...

2.5CVSS6.8AI score0.00451EPSS
Exploits0References1
Rows per page
Query Builder