13 matches found
CVE-2026-40486
Kimai is an open-source time tracking application. In versions 2.52.0 and below, the User Preferences API endpoint PATCH /api/users/id/preferences applies submitted preference values without checking the isEnabled flag on preference objects. Although the hourlyrate and internalrate fields are...
CVE-2026-40486 Kimai's User Preferences API allows standard users to modify restricted attributes: hourly_rate, internal_rate
Kimai is an open-source time tracking application. In versions 2.52.0 and below, the User Preferences API endpoint PATCH /api/users/id/preferences applies submitted preference values without checking the isEnabled flag on preference objects. Although the hourlyrate and internalrate fields are...
CVE-2026-40486 Kimai's User Preferences API allows standard users to modify restricted attributes: hourly_rate, internal_rate
Kimai is an open-source time tracking application. In versions 2.52.0 and below, the User Preferences API endpoint PATCH /api/users/id/preferences applies submitted preference values without checking the isEnabled flag on preference objects. Although the hourlyrate and internalrate fields are...
CVE-2026-40486
Kimai CVE-2026-40486 affects the User Preferences API. In versions
CVE-2026-40479
Kimai is an open-source time tracking application. In versions 1.16.3 through 2.52.0, the escapeForHtml function in KimaiEscape.js does not escape double quote or single quote characters. When a user's profile alias is inserted into an HTML attribute context via the team member form prototype and...
CVE-2026-32631
Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses a...
GHSA-F4GC-MWRG-Q36R Apache Artemis: Unauthorized Temporary Address Creation via OpenWire Protocol
Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...
CVE-2026-32642
Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...
CVE-2025-66413 Git for Windows leaks NTLM hash when cloning from an attacker-controlled server
Git for Windows is the Windows port of Git. Prior to 2.53.02, it is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Since NTLM hashing is weak, it is possible for the attacker to brute-force the user's account name and password. This vulnerability is...
CVE-2025-66413 Git for Windows leaks NTLM hash when cloning from an attacker-controlled server
Git for Windows is the Windows port of Git. Prior to 2.53.02, it is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Since NTLM hashing is weak, it is possible for the attacker to brute-force the user's account name and password. This vulnerability is...
CVE-2025-66413
CVE-2025-66413 (Git for Windows) affects the Windows port of Git prior to 2.53.0(2). The issue arises when a user is tricked into cloning from a malicious server, allowing an attacker to obtain the user’s NTLM hash. Because NTLM hashing is weak, the attacker may brute-force the user’s account nam...
CVE-2025-66413
Git for Windows is the Windows port of Git. Prior to 2.53.02, it is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Since NTLM hashing is weak, it is possible for the attacker to brute-force the user's account name and password. This vulnerability is...
Security update for gh (moderate)
openSUSE Security Update: Security update for gh Announcement ID: openSUSE-SU-2024:0227-1 Rating: moderate References: 1227035 Cross-References: CVE-2024-6104 CVSS scores: CVE-2024-6104 NVD : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2024-6104 SUSE: 6...