108 matches found
PT-2026-42799
Name of the Vulnerable Software and Affected Versions Mattermost version 11.6.0 Mattermost version 11.5.3 Mattermost version 11.4.4 Mattermost version 10.11.14 Description An issue exists where the software fails to validate the OAuth token scope during the callback process. This allows an...
GHSA-M5QG-RVJQ-727P NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation
Summary The OAuth token strategy attached oauthscope and oauthgrantedresources to the request user, but the ACL middleware never consulted either. An OAuth token issued with a restricted scope e.g. MCP-only therefore inherited the full permissions of the underlying user across all routes; the...
NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation
Summary The OAuth token strategy attached oauthscope and oauthgrantedresources to the request user, but the ACL middleware never consulted either. An OAuth token issued with a restricted scope e.g. MCP-only therefore inherited the full permissions of the underlying user across all routes; the...
NPM: NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation
NPM: NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...
gitea -- multiple vulnerabilities
The Gitea team reports: CVE-2026-27783: incorrect read permission check CVE-2026-25714: public-only token filtering bypass CVE-2026-20706: missing token scope checking CVE-2026-27771: unauthenticated access to private container images CVE-2026-28744: git smart HTTP request scope bug CVE-2026-2869...
Gitlab -- vulnerabilities
Gitlab reports: Cross-site Scripting issue in Analytics dashboard chart rendering impacts GitLab EE Cross-site Scripting issue in global search impacts GitLab CE/EE Cross-site Scripting issue in Duo Agent output rendering impacts GitLab EE Cross-site Scripting issue in Analytics Dashboard impacts...
CVE-2026-40103
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's scoped API token enforcement for custom project background routes is method-confused. A token with only projects.background can successfully delete a project background, while a token with only...
CVE-2026-40103 Vikunja's Scoped API tokens with projects.background permission can delete project backgrounds
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's scoped API token enforcement for custom project background routes is method-confused. A token with only projects.background can successfully delete a project background, while a token with only...
GHSA-3X2W-63FP-3QVW SciTokens has an Authorization Bypass via Path Traversal in Scope Validation
Summary The Enforcer is vulnerable to a path traversal attack where an attacker can use dot-dot .. in the scope claim of a token to escape the intended directory restriction. This occurs because the library normalizes both the authorized path from the token and the requested path from the...
SciTokens has an Authorization Bypass via Path Traversal in Scope Validation
Summary The Enforcer is vulnerable to a path traversal attack where an attacker can use dot-dot .. in the scope claim of a token to escape the intended directory restriction. This occurs because the library normalizes both the authorized path from the token and the requested path from the...
SciTokens has an Authorization Bypass via Incorrect Scope Path Prefix Checking
Summary The Enforcer incorrectly validates scope paths by using a simple prefix match startswith. This allows a token with access to a specific path e.g., /john to also access sibling paths that start with the same prefix e.g., /johnathan, /johnny, which is an Authorization Bypass. Details File:...
UBUNTU-CVE-2026-32726
SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison when checking whether a requested resource path was...
CVE-2026-32727
A flaw was found in SciTokens. A remote attacker can exploit this path traversal vulnerability by using "dot-dot" .. in the scope claim of a token. This allows the attacker to bypass intended directory restrictions, potentially leading to unauthorized access to files and directories outside of th...
Improper Authorization
Overview scitokens is a SciToken reference implementation library Affected versions of this package are vulnerable to Improper Authorization via the validatescp and validatescope functions. An attacker can gain unauthorized access to sibling paths by crafting tokens with scope paths that share a...
scitokens 安全漏洞
Scitokens is an open-source science computing token library developed by SciTokens. Versions of Scitokens prior to 1.4.1 contained security vulnerabilities. These vulnerabilities stemmed from the executor’s use of a simple string comparison when checking whether the resource path in a request was...
Improper Access Control
code.gitea.io/gitea is vulnerable to improper access control. The vulnerability is due to incorrect handling of API tokens with scopes limited to public resources, which allows an attacker to access private resources using a token that should only permit access to public data...
Improper Access Control
code.gitea.io/gitea is vulnerable to improper access control. The vulnerability is due to incorrect propagation of token scope within its package registry access control, which allows an attacker to gain unauthorized access to package resources by misusing improperly scoped tokens...
CVE-2026-3582
CVE-2026-3582 affects GitHub Enterprise Server. An Incorrect Authorization vulnerability allowed an authenticated user with a classic PAT lacking the repo scope to retrieve issues and commits from private/internal repositories via the search REST API, provided the user already had access to the r...
CVE-2026-21621 Improper Scope Enforcement in OAuth client_credentials Flow Allows Read-Only API Key to Escalate to Full Access
Incorrect Authorization vulnerability in hexpm hexpm/hexpm 'Elixir.HexpmWeb.API.OAuthController' module allows Privilege Escalation. An API key created with read-only permissions domain: "api", resource: "read" can be escalated to full write access under specific conditions. When exchanging a...
NRF security vulnerabilities
nrf is a network repository feature module developed by free5GC. Version 1.4.0 of nrf contains a security vulnerability. This vulnerability stems from theAccessTokenScopeCheck function, which bypasses all scope verifications when using a specially crafted targetNF value, potentially allowing acce...