IKUS Rdiffweb allows an attacker with any valid or stolen access token to act as other users

IKUS Rdiffweb version 2.10.5 and below have an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authenticated subject and the targeted user/tenant, so crafted requests can read or modify...

PT-2026-36909

Name of the Vulnerable Software and Affected Versions IKUS Rdiffweb versions prior to 2.10.6 Description An improper authorization flaw exists where the API fails to enforce binding between the authenticated subject and the targeted user or tenant. This allows an attacker possessing any valid or...

CVE-2025-67796

IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authenticated subject and the targeted user/tenant, so crafted requests can read or modify other users...

PT-2025-52745

Name of the Vulnerable Software and Affected Versions IdeaBox Creations PowerPack Pro for Elementor versions through 2.10.6 Description A missing authorization issue exists in PowerPack Pro for Elementor, allowing exploitation of incorrectly configured access control security levels. This can lea...

Astra Linux - уязвимость в pypdf2

pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In version 2.10.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single co...

EUVD-2025-6385

Malicious code in bioql PyPI...

EUVD-2025-6377

Malicious code in bioql PyPI...

EUVD-2025-6384

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2021-23803

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects the package latte/latte before 2.10.6. There is a way to bypass allowFunctions that will affect the security of the application. When the template ...

Akka 代码问题漏洞

Akka is an Akka open source expressive SDK and platform for developing, deploying and operating enterprise agent services. A code issue vulnerability exists in Akka 2.10.6 and earlier versions that stems from the use of Java serialization to process cluster metrics...

CVE-2023-52122

Cross-Site Request Forgery CSRF vulnerability in PressTigers Simple Job Board.This issue affects Simple Job Board: from n/a through 2.10.6...

CVE-2025-24974

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, authenticated users can read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available...

CVE-2025-27138

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulnerability has been fixed in v2.10.6. No known...

CVE-2025-27103

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. ...

CVE-2025-24974

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, authenticated users can read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available...

CVE-2025-27138 DataEase has an improper authentication vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulnerability has been fixed in v2.10.6. No known...

CVE-2025-27138

DataEase (open source BI/dashboard) before version 2.10.6 contains an authentication flaw in the io.dataease.auth.filter.TokenFilter class that may allow unauthorized access. The issue is confirmed across multiple sources and is resolved in v2.10.6. The vulnerability description does not provide ...

CVE-2025-27138 DataEase has an improper authentication vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulnerability has been fixed in v2.10.6. No known...

CVE-2025-27138 DataEase has an improper authentication vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulnerability has been fixed in v2.10.6. No known...

CVE-2025-27103 Dataease Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability​

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. ...