| CVE | Vendors | Products | Updated | CVSS v3.1 |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user. |
| Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user. |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description. |
| An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component. |
| The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without further verification. |
| The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and POST parameter “Device ID,” which accepts arbitrary device IDs. |
| Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with a body including :team_name=team2 to bypass the team scope check and gain access to certain resources belonging to any other team. |
| Authorization Bypass Through User-Controlled Key vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Filebird: from n/a through 6.4.2.1. |