9 matches found
CVE-2026-42456
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLLM returns the text-to-speech audio for another user's chat response within the same workspace...
BIT-GITLAB-2026-2370 Improper Handling of Parameters in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed an authenticated user with minimal workspace permissions to obtain installation credentials and...
CVE-2026-2370
A flaw was found in GitLab CE/EE. An authenticated user with minimal workspace permissions could exploit an improper authorization check within Jira Connect installations to obtain installation credentials and impersonate the GitLab application. This vulnerability could lead to unauthorized acces...
CVE-2026-2370
CVE-2026-2370 affects GitLab CE/EE across multiple older branches (14.3 before 18.8.7, 18.9 before 18.9.3, 18.10 before 18.10.1) and relates to Jira Connect installations. The issue allowed an authenticated user with minimal workspace permissions to obtain installation credentials and impersonate...
GHSA-W2RR-38WV-8RRP kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace
Impact: The APIExport Virtual Workspace can be used to manage objects in workspaces that bind that APIExport for resources defined in the APIExport or specified and accepted via permission claims. This allows an API provider via their APIExport scoped down access to workspaces of API consumers to...
CVE-2024-36118 Unauthorized viewing of workspace test cases in MeterSphere
MeterSphere is a test management and interface testing tool. In affected versions users without workspace permissions can view functional test cases of other workspaces beyond their authority. This issue has been addressed in version 2.10.15-lts. Users of MeterSphere are advised to upgrade. There...
PT-2024-26904 · Unknown · Metersphere
Name of the Vulnerable Software and Affected Versions: MeterSphere versions prior to 2.10.15-lts. Description: The issue allows users without workspace permissions to view functional test cases of other workspaces beyond their authority. Recommendations: For versions prior to 2.10.15-lts, upgrade ...
CVE-2024-32467
MeterSphere (open source continuous testing platform) is affected in versions prior to 2.10.14-lts. The issue allows members without space permissions to view member information from other workspaces beyond their authority. The root cause is insufficient access control that permits cross-workspac...
GHSA-CJ6R-8PXJ-5JV6 Incorrect Permission Preservation in Jenkins Core
Jenkins uses temporary directories adjacent to workspace directories, usually with the @tmp name suffix, to store temporary files related to the build. In pipelines, these temporary directories are adjacent to the current working directory when operating in a subdirectory of the automatically...