4 matches found
CVE-2026-44426
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/namespaces/:tenant returns the full namespace object — including the members list user IDs, e-mails, roles, settings, and device counts — to any caller authenticated by an API Key, for any tenant, regardless of the API Key's own...
PT-2026-38405
Name of the Vulnerable Software and Affected Versions ShellHub versions prior to 0.24.2 Description An issue exists where the endpoint "/api/namespaces/:tenant" returns the complete namespace object to any caller authenticated via an API Key, regardless of the API Key's tenant scope. This object...
CVE-2025-41090
microCLAUDIA in v3.2.0 and prior has an improper access control vulnerability. This flaw allows an authenticated user to perform unauthorized actions on other organizations' systems by sending direct API requests. To do so, the attacker can use organization identifiers obtained through a...
CVE-2020-3973
The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged...