3 matches found
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via improper authorization checks in the CanDoAPIRoute process. An attacker can delete project backgrounds by using an API token with only the projects.background permission, bypassing intended access controls fo...
PT-2026-31985
Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.3.0 Description Vikunja, a self-hosted task management platform, has a scoped API token enforcement issue for custom project background routes. A token with only projects.background permission can successfully delet...
Gitlab -- vulnerabilities
Gitlab reports: Cross-site scripting issue in blob viewer impacts GitLab CE/EE Cross-site scripting issue in labels impacts GitLab CE/EE Cross-site scripting issue in Workitem impacts GitLab CE/EE Improper Handling of Permissions issue in project API impacts GitLab CE/EE Incorrect Privilege...