58 matches found
EUVD-2026-43308
Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to validate that an assigned incoming webhook user has access to the target team or channel, which allows a requester with webhook management permissions to create posts or direct messages attributed to another user via...
CVE-2026-54602
FastGPT is a knowledge-based AI application platform. Prior to 4.15.0, GET /api/core/ai/record/getRecord authenticates the caller but loads LLM request and response traces only by requestId without team scoping, allowing any authenticated user to read another team's prompts, retrieved RAG chunks,...
CVE-2026-34044
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the Logs::mount component looks up resources by UUID without scoping the lookup to the current team, allowing an authenticated user to access logs for applications owned by...
CVE-2026-34044
The CVE-2026-34044 issue affects Coolify prior to 4.0.0-beta.466 where Logs::mount() looks up resources by UUID without limiting to the current team. This enables an authenticated user to read logs for applications owned by other teams by supplying a victim resource UUID, constituting a cross‑tea...
CVE-2026-34044 Coolify: Cross-team IDOR in logs component (resource lookup not team-scoped)
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the Logs::mount component looks up resources by UUID without scoping the lookup to the current team, allowing an authenticated user to access logs for applications owned by...
CVE-2026-34044
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the Logs::mount component looks up resources by UUID without scoping the lookup to the current team, allowing an authenticated user to access logs for applications owned by...
CVE-2026-34167
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the ActivityMonitor Livewire component exposes a public $activityId property without Livewire's Locked attribute. It loads activities via Activity::find$this-activityId wit...
CVE-2026-27883
Coolify vulnerability CVE-2026-27883 is an intra-organization information disclosure (IDOR) affecting deployments details via GET /api/v1/deployments/{uuid}. Before 4.0.0-beta.464, an authenticated user could access deployment data for any team because the token-provided teamId was not used to sc...
CVE-2026-27883 Coolify: IDOR in Deployment API - Cross-Team Deployment Information Disclosure
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the GET /api/v1/deployments/uuid endpoint allows any authenticated user to access deployment details belonging to any team, bypassing team-based authorization. The $teamId ...
CVE-2026-34592
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, Coolify server and project lookups are not scoped to the current team, allowing any authenticated user to access servers and projects belonging to other teams by specifying...
CVE-2026-34592
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, Coolify server and project lookups are not scoped to the current team, allowing any authenticated user to access servers and projects belonging to other teams by specifying...
CVE-2026-34592
CVE-2026-34592 (Coolify) affects the Coolify server and project lookup functionality. Before 4.0.0-beta.471, lookups were not scoped to the current team, allowing any authenticated user to access servers and projects belonging to other teams by specifying IDs directly. This constitutes an unauthe...
PT-2026-53749
Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Server and project lookups are not scoped to the current team, which allows any...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization through the GetPolicyByIDQueries process. An attacker can access policy data belonging to other teams by sending requests to the global policy read endpoint with valid credentials for any team, thereby bypassing...
CVE-2026-4055 Insufficient permission validation on cross-team playbook run creation
Mattermost versions 11.5.x = 11.5.1 fail to validate team-level runcreate permission against the target team when creating a playbook run which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API request...
EUVD-2026-30974
In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...
CVE-2026-42526
The CVE-2026-42526 vulnerability affects apache-airflow-providers-amazon backends for AWS Secrets Manager and SSM Parameter Store prior to 9.28.0. The team-scoping logic could resolve a conn_id containing a slash (for example a_team/conn) to the same path as another team’s secret when the caller ...
Incorrect Authorization
Overview github.com/mattermost/mattermost-plugin-playbooks/server/app is a package for reliable and repeatable processes using checklists, automation, and retrospectives Affected versions of this package are vulnerable to Incorrect Authorization via the PUT API endpoint when updating playbooks. A...
CVE-2026-41498 Kimai: Team API Missing Object-Level Authorization
Kimai is an open-source time tracking application. Prior to version 2.54.0, the Team API endpoints use IsGranted'editteam' instead of IsGranted'edit', 'team', causing Symfony TeamVoter to abstain from voting. This removes entity-level ownership checks on team operations, allowing any user with th...
Kimai has Missing Voter Check that Allows Cross-Team Timesheet Manipulation
Summary Any ROLETEAMLEAD user can enumerate, read, modify, and permanently delete timesheets belonging to any other user in the system — regardless of team membership. This enables data destruction deleted billable hours, data tampering forged timesheet durations, and full authorization bypass on...