27 matches found

RedhatCVE
added 2026/06/08 2:58 a.m. | 11 views

CVE-2026-11438

A vulnerability has been found in theonedev onedev up to 15.0.5. Affected by this vulnerability is an unknown functionality of the file /projects. The manipulation of the argument project.forkedFromId leads to improper authorization. The attack is possible to be carried out remotely. Upgrading to...

CVSS 6.5 | AI score 6.1 | EPSS 0.00214
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/08 2:58 a.m. | 12 views

CVE-2026-11439

A vulnerability was found in theonedev onedev up to 15.0.5. Affected by this issue is some unknown functionality of the file /projects/ of the component Parent Project Handler. The manipulation of the argument project.parentId results in improper authorization. The attack may be performed from...

CVSS 6.5 | AI score 6.1 | EPSS 0.00214
Exploits: 0 | References: 1

NVD
added 2026/06/06 6:16 p.m. | 10 views

CVE-2026-11439

A vulnerability was found in theonedev onedev up to 15.0.5. Affected by this issue is some unknown functionality of the file /projects/ of the component Parent Project Handler. The manipulation of the argument project.parentId results in improper authorization. The attack may be performed from...

CVSS 6.5 | EPSS 0.00214
Exploits: 0 | References: 6

ATTACKERKB
added 2026/06/06 5:45 p.m. | 7 views

CVE-2026-11441

A vulnerability was identified in theonedev onedev up to 15.0.5. This vulnerability affects the function canAccessIssue of the file /issues/ of the component Pull Request Handler. Such manipulation of the argument issue leads to improper authorization. It is possible to launch the attack remotely...

CVSS 6.5 | AI score 5.2 | EPSS 0.00214
Exploits: 0 | References: 7 | Affected Software: 1

Vulnrichment
added 2026/06/06 5:45 p.m. | 7 views

CVE-2026-11441 theonedev Pull Request issues canAccessIssue improper authorization

A vulnerability was identified in theonedev onedev up to 15.0.5. This vulnerability affects the function canAccessIssue of the file /issues/ of the component Pull Request Handler. Such manipulation of the argument issue leads to improper authorization. It is possible to launch the attack remotely...

CVSS 6.5 | AI score 6.3 | EPSS 0.00214
Exploits: 0 | References: 6

Cvelist
added 2026/06/06 5:45 p.m. | 30 views

CVE-2026-11441 theonedev Pull Request issues canAccessIssue improper authorization

A vulnerability was identified in theonedev onedev up to 15.0.5. This vulnerability affects the function canAccessIssue of the file /issues/ of the component Pull Request Handler. Such manipulation of the argument issue leads to improper authorization. It is possible to launch the attack remotely...

CVSS 6.5 | EPSS 0.00214
Exploits: 0 | References: 6

CVE
added 2026/06/06 5:45 p.m. | 31 views

CVE-2026-11441

CVE-2026-11441 affects Theonedev Onedev (up to 15.0.5), specifically the Pull Request Handler’s canAccessIssue function in the /issues/ path. The issue arises from manipulation of the issue argument, causing improper authorization. Exploitation is possible remotely. A fix is available in versi...

CVSS 6.5 | AI score 5.2 | EPSS 0.00214
Exploits: 0 | References: 6

Cvelist
added 2026/06/06 5:30 p.m. | 26 views

CVE-2026-11440 theonedev REST API default-branch improper authorization

A vulnerability was determined in theonedev onedev up to 15.0.5. This affects an unknown part of the file /repositories/projectId/default-branch of the component REST API. This manipulation of the argument project.defaultBranch causes improper authorization. It is possible to initiate the attack...

CVSS 6.5 | EPSS 0.00214
Exploits: 0 | References: 6

Vulnrichment
added 2026/06/06 5:30 p.m. | 7 views

CVE-2026-11440 theonedev REST API default-branch improper authorization

A vulnerability was determined in theonedev onedev up to 15.0.5. This affects an unknown part of the file /repositories/projectId/default-branch of the component REST API. This manipulation of the argument project.defaultBranch causes improper authorization. It is possible to initiate the attack...

CVSS 6.5 | AI score 6.3 | EPSS 0.00214
Exploits: 0 | References: 6

CVE
added 2026/06/06 5:30 p.m. | 27 views

CVE-2026-11440

The CVE-2026-11440 entry pertains to theonedev onedev up to version 15.0.5. It involves the REST API path /repositories/{projectId}/default-branch where manipulating the project.defaultBranch argument leads to improper authorization. The issue could be exploited remotely. A fix is available in ...

CVSS 6.5 | AI score 6.3 | EPSS 0.00214
Exploits: 0 | References: 6

NVD
added 2026/06/06 5:16 p.m. | 13 views

CVE-2026-11438

A vulnerability has been found in theonedev onedev up to 15.0.5. Affected by this vulnerability is an unknown functionality of the file /projects. The manipulation of the argument project.forkedFromId leads to improper authorization. The attack is possible to be carried out remotely. Upgrading to...

CVSS 6.5 | EPSS 0.00214
Exploits: 0 | References: 6

Cvelist
added 2026/06/06 5:15 p.m. | 28 views

CVE-2026-11439 theonedev Parent Project projects improper authorization

A vulnerability was found in theonedev onedev up to 15.0.5. Affected by this issue is some unknown functionality of the file /projects/ of the component Parent Project Handler. The manipulation of the argument project.parentId results in improper authorization. The attack may be performed from...

CVSS 6.5 | EPSS 0.00214
Exploits: 0 | References: 6

ATTACKERKB
added 2026/06/06 5:15 p.m. | 7 views

CVE-2026-11439

A vulnerability was found in theonedev onedev up to 15.0.5. Affected by this issue is some unknown functionality of the file /projects/ of the component Parent Project Handler. The manipulation of the argument project.parentId results in improper authorization. The attack may be performed from...

CVSS 6.5 | AI score 5 | EPSS 0.00214
Exploits: 0 | References: 7 | Affected Software: 1

Vulnrichment
added 2026/06/06 5:15 p.m. | 7 views

CVE-2026-11439 theonedev Parent Project projects improper authorization

A vulnerability was found in theonedev onedev up to 15.0.5. Affected by this issue is some unknown functionality of the file /projects/ of the component Parent Project Handler. The manipulation of the argument project.parentId results in improper authorization. The attack may be performed from...

CVSS 6.5 | AI score 6.1 | EPSS 0.00214
Exploits: 0 | References: 6

ATTACKERKB
added 2026/06/06 5:00 p.m. | 6 views

CVE-2026-11438

A vulnerability has been found in theonedev onedev up to 15.0.5. Affected by this vulnerability is an unknown functionality of the file /projects. The manipulation of the argument project.forkedFromId leads to improper authorization. The attack is possible to be carried out remotely. Upgrading to...

CVSS 6.5 | AI score 5.1 | EPSS 0.00214
Exploits: 0 | References: 7 | Affected Software: 1

Cvelist
added 2026/06/06 5:00 p.m. | 38 views

CVE-2026-11438 theonedev projects improper authorization

A vulnerability has been found in theonedev onedev up to 15.0.5. Affected by this vulnerability is an unknown functionality of the file /projects. The manipulation of the argument project.forkedFromId leads to improper authorization. The attack is possible to be carried out remotely. Upgrading to...

CVSS 6.5 | EPSS 0.00214
Exploits: 0 | References: 6

Vulnrichment
added 2026/06/06 5:00 p.m. | 9 views

CVE-2026-11438 theonedev projects improper authorization

A vulnerability has been found in theonedev onedev up to 15.0.5. Affected by this vulnerability is an unknown functionality of the file /projects. The manipulation of the argument project.forkedFromId leads to improper authorization. The attack is possible to be carried out remotely. Upgrading to...

CVSS 6.5 | AI score 6.1 | EPSS 0.00214
Exploits: 0 | References: 6

CVE
added 2026/06/06 5:00 p.m. | 26 views

CVE-2026-11438

CVE-2026-11438 affects Theonedev Onedev up to version 15.0.5, where the vulnerability arises from improper authorization in the /projects functionality. Specifically, manipulating the argument project.forkedFromId can enable an unauthorized action, with remote attack potential. The issue is m...

CVSS 6.5 | AI score 6.2 | EPSS 0.00214
Exploits: 0 | References: 6

Positive Technologies
added 2026/06/06 12:00 a.m. | 8 views

PT-2026-47164

Name of the Vulnerable Software and Affected Versions: onedev versions prior to 15.0.6. Description: Improper authorization exists in the REST API component. A remote attacker can manipulate the project.defaultBranch argument within the '/repositories/projectId/default-branch' endpoint to bypass...

CVSS 6.5 | AI score 6.6 | EPSS 0.00214
Exploits: 0 | References: 9

Positive Technologies
added 2026/06/06 12:00 a.m. | 9 views

PT-2026-47163

Name of the Vulnerable Software and Affected Versions: onedev versions prior to 15.0.6. Description: Improper authorization exists in the Parent Project Handler component within the '/projects/' file. A remote attacker can manipulate the project.parentId argument to bypass authorization controls...

CVSS 6.5 | AI score 6.6 | EPSS 0.00214
Exploits: 0 | References: 9