PT-2026-24939
A flaw was found in Keycloak. An authorization bypass vulnerability in the Keycloak Admin API allows any authenticated user, even those without administrative privileges, to enumerate the organization memberships of other users. This information disclosure occurs if the attacker knows the victim'...
CVE-2021-47721
Orangescrum 1.8.0 contains a privilege escalation vulnerability that allows authenticated users to take over other project-assigned accounts by manipulating session cookies. Attackers can extract the victim's unique ID from the page source and replace their own session cookie to gain unauthorized...
CVE-2021-47721 Orangescrum 1.8.0 Authenticated Privilege Escalation via User Session Manipulation
Orangescrum 1.8.0 contains a privilege escalation vulnerability that allows authenticated users to take over other project-assigned accounts by manipulating session cookies. Attackers can extract the victim's unique ID from the page source and replace their own session cookie to gain unauthorized...
PT-2025-52830
Name of the Vulnerable Software and Affected Versions Orangescrum version 1.8.0 Description An authenticated user can take over other project-assigned accounts by manipulating session cookies, leading to privilege escalation. An attacker can extract a victim's unique ID from the page source and...