Lucene search
K

88 matches found

OSV
OSV
added last week5 views

ROOT-OS-UBUNTU-2404-CVE-2026-52934 CVE-2026-52934 in rootio-linux - Patched by Root

Root has patched CVE-2026-52934 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

8.8CVSS5.8AI score0.00247EPSS
Exploits0
Snyk
Snyk
added 2026/07/03 10:19 p.m.5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the tracked-time list endpoint. An attacker can access time tracking information without proper authorization by sending crafted requests to this endpoint. Remediation Upgrade...

6.9CVSS6AI score0.00286EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the tracked-time deletion process. An attacker can remove time tracking entries associated with issues they do not have permission to modify by specifying the time entry ID from anothe...

7.1CVSS6AI score0.00286EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.7 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the tracked-time deletion process. An attacker can remove time tracking entries associated with issues they do not have permission to modify by specifying the time entry ID from anothe...

7.1CVSS6AI score0.00286EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 9:16 p.m.6 views

CVE-2026-25782

Gitea versions before 1.25.5 look up tracked-time entries by time ID without scoping the lookup to the issue in the request URL, allowing deletion attempts to target entries from another issue...

5.3CVSS0.00286EPSS
Exploits0References4
NVD
NVD
added 2026/07/03 9:16 p.m.6 views

CVE-2026-20909

Gitea versions before 1.25.5 have insufficient permission checks when listing tracked time entries...

5.3CVSS0.00286EPSS
Exploits0References4
CVE
CVE
added 2026/07/03 8:19 p.m.10 views

CVE-2026-25782

Summary: Gitea before 1.25.5 vulnerable to authorization bypass in tracked-time deletion. The bug occurs when a time entry is looked up by time ID without scoping to the issue in the request URL, allowing deletion of time-tracking entries from other issues. Affected software: Gitea server (Go pro...

5.3CVSS5.9AI score0.00286EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.34 views

CVE-2026-25782 Gitea tracked-time deletion can target entries from another issue

Gitea versions before 1.25.5 look up tracked-time entries by time ID without scoping the lookup to the issue in the request URL, allowing deletion attempts to target entries from another issue...

0.00286EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.4 views

CVE-2026-25782

Gitea versions before 1.25.5 look up tracked-time entries by time ID without scoping the lookup to the issue in the request URL, allowing deletion attempts to target entries from another issue...

5.9AI score0.00286EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.34 views

CVE-2026-20909 Gitea tracked-time list endpoint has insufficient permission checks

Gitea versions before 1.25.5 have insufficient permission checks when listing tracked time entries...

0.00286EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/03 8:19 p.m.7 views

EUVD-2026-41615

Gitea versions before 1.25.5 have insufficient permission checks when listing tracked time entries...

6AI score0.00286EPSS
Exploits0References4
CVE
CVE
added 2026/07/03 8:19 p.m.12 views

CVE-2026-20909

Gitea (go-gitea/gitea) versions before 1.25.5 are affected by an access control issue in the tracked-time list endpoint, allowing potential disclosure of time-tracking data due to insufficient permission checks. The vulnerability is mitigated by upgrading to version 1.25.5 or higher (as per the l...

5.3CVSS6AI score0.00286EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.14 views

PT-2026-55595

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description The software fails to scope the lookup of tracked-time entries to the specific issue provided in the request URL when searching by time ID. This flaw allows an attacker to attempt the deletion of time...

5.3CVSS6.1AI score0.00286EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.14 views

PT-2026-55588

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description Insufficient permission checks occur when listing tracked time entries. Recommendations Update to version 1.25.5 or later...

5.3CVSS6.1AI score0.00286EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/29 5:0 p.m.38 views

CVE-2026-13591 DeepMyst Mysti Contact Tracking ChannelBridge.ts _isTrackedConversation improper authorization

A weakness has been identified in DeepMyst Mysti 0.4.0. Affected is the function isTrackedConversation of the file src/managers/ChannelBridge.ts of the component Contact Tracking. This manipulation of the argument channelType causes improper authorization. The attack may be initiated remotely. A...

5CVSS0.00199EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/29 5:0 p.m.6 views

EUVD-2026-40153

A weakness has been identified in DeepMyst Mysti 0.4.0. Affected is the function isTrackedConversation of the file src/managers/ChannelBridge.ts of the component Contact Tracking. This manipulation of the argument channelType causes improper authorization. The attack may be initiated remotely. A...

5CVSS5.3AI score0.00199EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/22 7:32 p.m.7 views

CVE-2026-8358

A heap-based buffer overflow vulnerability was discovered in LibreOffice Calc's spreadsheet importer. When processing tracked changes from a spreadsheet document, the application fails to properly handle duplicate change identifiers. By reusing the same change identifier for two distinct types of...

6.9CVSS6.1AI score0.00171EPSS
Exploits0References4
NVD
NVD
added 2026/06/15 6:16 p.m.11 views

CVE-2026-8358

LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its...

6.9CVSS0.00171EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 4:24 p.m.7 views

CVE-2026-8358 Heap buffer overflow in spreadsheet tracked-changes import

LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its...

6.9CVSS5.6AI score0.00171EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 4:24 p.m.43 views

CVE-2026-8358

CVE-2026-8358 affects LibreOffice Calc during import of tracked changes. A heap buffer overflow occurs when a document reuses the same change identifier for two different kinds of changes; the importer may treat one change object as a larger type and write past the end of its allocation. The vuln...

6.9CVSS5.6AI score0.00171EPSS
Exploits0References1
Rows per page
Query Builder