Several RESTful api security vulnerabilites are discovered and they can lead to unauthorized access to repository data and settings if a user has permission to create projects in OneDev. These issues have been fixed in release 15.0.6