Browse and filter security vulnerabilities across ecosystems
uutils coreutils id Incorrect Access-Control Decisions via Misrepresented Group Membership
Incorrect Authorization in GitLab
Incorrect Authorization in GitLab
OpenFGA has Improper Policy Enforcement
ClearanceKit: Ad-hoc signed binaries can spoof Apple process identities in the global allowlist
FreeScout's signature only mailbox permission allows unauthorized mailbox chat setting changes
FreeScout has assigned-only visibility bypass via save_draft that allows hidden conversation draft injection
FreeScout has assigned-only visibility bypass that allows editing hidden customer-authored threads
OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims
October: Editor Sub-Permission Bypass for Asset and Blueprint File Operations
NVIDIA KAI Scheduler contains a vulnerability where an attacker could cause improper authorization through cross-namespace pod references
October: Safe Mode Bypass via Twig Database Write Operations
October: Safe Mode Bypass via CSS Preprocessor Compilers
OpenClaw < 2026.3.28 - Authorization Bypass in Discord Text Approval Commands
Dify has IDOR in deleting someone else's chat conversation
Nginx-UI: Disabled users retain full API access through previously issued bearer tokens
Incorrect authorization in Fudo Enterprise
Apache Airflow: Users with asset materialization permissions could trigger Dags they had no access to
Movary User Management (/settings/users) has Authorization Bypass that Allows Low-Privileged Users to Enumerate All Users and Create Administrator ...
zrok's broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend records
Showing 1 - 20 of 1,000+ results