18 matches found
BIT-GITLAB-2025-13874 Authorization Bypass Through User-Controlled Key in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with Guest permissions to view issues in projects they were not authorized to access...
CVE-2025-13874
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with Guest permissions to view issues in projects they were not authorized to access...
CVE-2025-13874
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with Guest permissions to view issues in projects they were not authorized to access...
EUVD-2025-209834
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with Guest permissions to view issues in projects they were not authorized to access...
CVE-2025-13874
Removed by vendor...
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) Security Vulnerability
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were security vulnerabilities in versions of GitLab CE/EE from 15.1 ...
Kanboard Security Vulnerability
Kanboard is a set of open-source visualization taskboards developed by Kanboard. This software allows for the customization of panels according to business needs. Versions of Kanboard prior to 1.2.50 contained security vulnerabilities. These vulnerabilities stemmed from the...
CVE-2026-25530
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50...
titra Access Control Error Vulnerability
titra is an open-source time tracking project from kromit. An access control error vulnerability exists in titra version 0.99.49 and earlier, which stems from improper access control and could lead to a user viewing and editing time entries in unauthorized private projects...
EUVD-2016-5852
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-9268
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause...
Improper Authorization
wallabag/wallabag is vulnerable to Improper Authorization. A remote attacker is able to gain access to unauthorized projects from other users due to insecure direct object references which is made possible because of improper validation of the user permissions...
Improper Authorization
github.com/goharbor/harbor is vulnerable to improper authorization. A remote authenticated attacker is able to gain access to unauthorized projects due to improper validation of the user permissions when updating tag immutability policies...
CVE-2021-27225
In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users who have coding permissions to read and overwrite notebooks in projects that they are not authorized to access...
DEBIAN-CVE-2017-9268
In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions leading to denial of service resource consumption...
CVE-2016-4872
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail...
Authentication flaw
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail...
CVE-2016-4872
Cybozu Office versions 9.0.0–10.4.0 contain a breadcrumb-trail based access restrictions bypass (CVE-2016-4872). Remote authenticated attackers can bypass restrictions and view the names of unauthorized projects. This is a user‑capability exposure rather than a full remote execution issue. Mitiga...