88 matches found
ROOT-OS-UBUNTU-2404-CVE-2026-52934 CVE-2026-52934 in rootio-linux - Patched by Root
Root has patched CVE-2026-52934 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass via the tracked-time list endpoint. An attacker can access time tracking information without proper authorization by sending crafted requests to this endpoint. Remediation Upgrade...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the tracked-time deletion process. An attacker can remove time tracking entries associated with issues they do not have permission to modify by specifying the time entry ID from anothe...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the tracked-time deletion process. An attacker can remove time tracking entries associated with issues they do not have permission to modify by specifying the time entry ID from anothe...
CVE-2026-25782
Gitea versions before 1.25.5 look up tracked-time entries by time ID without scoping the lookup to the issue in the request URL, allowing deletion attempts to target entries from another issue...
CVE-2026-20909
Gitea versions before 1.25.5 have insufficient permission checks when listing tracked time entries...
CVE-2026-25782
Summary: Gitea before 1.25.5 vulnerable to authorization bypass in tracked-time deletion. The bug occurs when a time entry is looked up by time ID without scoping to the issue in the request URL, allowing deletion of time-tracking entries from other issues. Affected software: Gitea server (Go pro...
CVE-2026-25782 Gitea tracked-time deletion can target entries from another issue
Gitea versions before 1.25.5 look up tracked-time entries by time ID without scoping the lookup to the issue in the request URL, allowing deletion attempts to target entries from another issue...
CVE-2026-25782
Gitea versions before 1.25.5 look up tracked-time entries by time ID without scoping the lookup to the issue in the request URL, allowing deletion attempts to target entries from another issue...
CVE-2026-20909 Gitea tracked-time list endpoint has insufficient permission checks
Gitea versions before 1.25.5 have insufficient permission checks when listing tracked time entries...
EUVD-2026-41615
Gitea versions before 1.25.5 have insufficient permission checks when listing tracked time entries...
CVE-2026-20909
Gitea (go-gitea/gitea) versions before 1.25.5 are affected by an access control issue in the tracked-time list endpoint, allowing potential disclosure of time-tracking data due to insufficient permission checks. The vulnerability is mitigated by upgrading to version 1.25.5 or higher (as per the l...
PT-2026-55595
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description The software fails to scope the lookup of tracked-time entries to the specific issue provided in the request URL when searching by time ID. This flaw allows an attacker to attempt the deletion of time...
PT-2026-55588
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description Insufficient permission checks occur when listing tracked time entries. Recommendations Update to version 1.25.5 or later...
CVE-2026-13591 DeepMyst Mysti Contact Tracking ChannelBridge.ts _isTrackedConversation improper authorization
A weakness has been identified in DeepMyst Mysti 0.4.0. Affected is the function isTrackedConversation of the file src/managers/ChannelBridge.ts of the component Contact Tracking. This manipulation of the argument channelType causes improper authorization. The attack may be initiated remotely. A...
EUVD-2026-40153
A weakness has been identified in DeepMyst Mysti 0.4.0. Affected is the function isTrackedConversation of the file src/managers/ChannelBridge.ts of the component Contact Tracking. This manipulation of the argument channelType causes improper authorization. The attack may be initiated remotely. A...
CVE-2026-8358
A heap-based buffer overflow vulnerability was discovered in LibreOffice Calc's spreadsheet importer. When processing tracked changes from a spreadsheet document, the application fails to properly handle duplicate change identifiers. By reusing the same change identifier for two distinct types of...
CVE-2026-8358
LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its...
CVE-2026-8358 Heap buffer overflow in spreadsheet tracked-changes import
LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its...
CVE-2026-8358
CVE-2026-8358 affects LibreOffice Calc during import of tracked changes. A heap buffer overflow occurs when a document reuses the same change identifier for two different kinds of changes; the importer may treat one change object as a larger type and write past the end of its allocation. The vuln...