Total
934 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-15201 | 1 Kanboard | 1 Kanboard | 2025-04-20 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user. | ||||
CVE-2017-15202 | 1 Kanboard | 1 Kanboard | 2025-04-20 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user. | ||||
CVE-2017-15206 | 1 Kanboard | 1 Kanboard | 2025-04-20 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user. | ||||
CVE-2017-0882 | 1 Gitlab | 1 Gitlab | 2025-04-20 | N/A |
Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC. | ||||
CVE-2017-15211 | 1 Kanboard | 1 Kanboard | 2025-04-20 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user. | ||||
CVE-2017-15209 | 1 Kanboard | 1 Kanboard | 2025-04-20 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user. | ||||
CVE-2017-15208 | 1 Kanboard | 1 Kanboard | 2025-04-20 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user. | ||||
CVE-2017-15207 | 1 Kanboard | 1 Kanboard | 2025-04-20 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user. | ||||
CVE-2017-15200 | 1 Kanboard | 1 Kanboard | 2025-04-20 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user. | ||||
CVE-2017-15199 | 1 Kanboard | 1 Kanboard | 2025-04-20 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description. | ||||
CVE-2017-15197 | 1 Kanboard | 1 Kanboard | 2025-04-20 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user. | ||||
CVE-2017-15196 | 1 Kanboard | 1 Kanboard | 2025-04-20 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user. | ||||
CVE-2017-15195 | 1 Kanboard | 1 Kanboard | 2025-04-20 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user. | ||||
CVE-2017-15204 | 1 Kanboard | 1 Kanboard | 2025-04-20 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user. | ||||
CVE-2017-15203 | 1 Kanboard | 1 Kanboard | 2025-04-20 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user. | ||||
CVE-2023-51141 | 1 Zkteco | 1 Biotime | 2025-04-18 | 6.5 Medium |
An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component | ||||
CVE-2022-34150 | 1 Micodus | 2 Mv720, Mv720 Firmware | 2025-04-16 | 7.1 High |
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without further verification. | ||||
CVE-2022-33944 | 1 Micodus | 2 Mv720, Mv720 Firmware | 2025-04-16 | 6.5 Medium |
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object references vulnerability on endpoint and POST parameter “Device ID,” which accepts arbitrary device IDs. | ||||
CVE-2025-31933 | 2025-04-16 | 5.3 Medium | ||
An unauthenticated attacker can check the existence of usernames in the system by querying an API. | ||||
CVE-2025-31357 | 2025-04-16 | 5.3 Medium | ||
An unauthenticated attacker can obtain a user's plant list by knowing the username. |