4 matches found

NVD
added 2026/06/19 8:16 p.m., 11 views

CVE-2026-48089

DevGuard provides vulnerability management for the full software supply chain. Prior to 1.4.2, on a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create,...

CVSS 7.1, EPSS 0.00235
Exploits: 0, References: 2

OSV
added 2026/06/11 8:26 p.m., 4 views

GHSA-6P54-FW2F-Q7GF DevGuard has improper authorization on public assets

Impact: On a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create, update, reapply, and delete VEX rules on those public assets. The same flaw affects the oth...

CVSS 7.1, AI score 5.5, EPSS 0.00235
Exploits: 0, References: 3

Github Security Blog
added 2026/06/11 8:26 p.m., 9 views

DevGuard has improper authorization on public assets

Impact: On a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create, update, reapply, and delete VEX rules on those public assets. The same flaw affects the oth...

CVSS 7.1, AI score 5.5, EPSS 0.00235
Exploits: 0, References: 3, Affected Software: 1

Positive Technologies
added 2026/06/11 12:0 a.m., 11 views

PT-2026-48812

Name of the Vulnerable Software and Affected Versions: DevGuard versions prior to 1.4.2. Description: On API instances with public assets, any authenticated user can perform unauthorized write operations, regardless of their organization, project, or asset membership. This allows attackers to create...

CVSS 7.1, AI score 5.9, EPSS 0.00235
Exploits: 0, References: 9