Filtered by CWE-639
Total 934 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-15201 1 Kanboard 1 Kanboard 2025-04-20 N/A
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user.
CVE-2017-15202 1 Kanboard 1 Kanboard 2025-04-20 N/A
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user.
CVE-2017-15206 1 Kanboard 1 Kanboard 2025-04-20 N/A
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user.
CVE-2017-0882 1 Gitlab 1 Gitlab 2025-04-20 N/A
Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC.
CVE-2017-15211 1 Kanboard 1 Kanboard 2025-04-20 N/A
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user.
CVE-2017-15209 1 Kanboard 1 Kanboard 2025-04-20 N/A
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user.
CVE-2017-15208 1 Kanboard 1 Kanboard 2025-04-20 N/A
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user.
CVE-2017-15207 1 Kanboard 1 Kanboard 2025-04-20 N/A
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user.
CVE-2017-15200 1 Kanboard 1 Kanboard 2025-04-20 N/A
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user.
CVE-2017-15199 1 Kanboard 1 Kanboard 2025-04-20 N/A
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description.
CVE-2017-15197 1 Kanboard 1 Kanboard 2025-04-20 N/A
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user.
CVE-2017-15196 1 Kanboard 1 Kanboard 2025-04-20 N/A
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user.
CVE-2017-15195 1 Kanboard 1 Kanboard 2025-04-20 N/A
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user.
CVE-2017-15204 1 Kanboard 1 Kanboard 2025-04-20 N/A
In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user.
CVE-2017-15203 1 Kanboard 1 Kanboard 2025-04-20 N/A
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user.
CVE-2023-51141 1 Zkteco 1 Biotime 2025-04-18 6.5 Medium
An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component
CVE-2022-34150 1 Micodus 2 Mv720, Mv720 Firmware 2025-04-16 7.1 High
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without further verification.
CVE-2022-33944 1 Micodus 2 Mv720, Mv720 Firmware 2025-04-16 6.5 Medium
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object references vulnerability on endpoint and POST parameter “Device ID,” which accepts arbitrary device IDs.
CVE-2025-31933 2025-04-16 5.3 Medium
An unauthenticated attacker can check the existence of usernames in the system by querying an API.
CVE-2025-31357 2025-04-16 5.3 Medium
An unauthenticated attacker can obtain a user's plant list by knowing the username.