20 matches found
CVE-2026-8381
A broken access control vulnerability exists in the TeamViewer DEX Platform On‑Premises prior to version 9.2. Certain backend API endpoints do not correctly enforce authorization checks, allowing an authenticated user with low privileges to perform actions and access resources intended only for...
EUVD-2025-209530
Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings. This vulnerability has been...
CVE-2025-13480
Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings. This vulnerability has been...
CVE-2025-13480 Incorrect authorization in Fudo Enterprise
Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings. This vulnerability has been...
CVE-2025-13480
Fudo Enterprise (versions 5.5.0–5.6.2) contains an authorization flaw where low-privileged users can access administrator-only API endpoints, exposing sensitive data such as system logs and parts of system configuration. Root cause: improper protection/authorization on API resources. Impact: pote...
Fudo Enterprise security vulnerability
Fudo Enterprise is a security control platform for privileged access management and session auditing developed by the Polish company Fudo. Fudo Enterprise versions 5.6.2 and earlier contained security vulnerabilities. These vulnerabilities were due to inadequate protection of API endpoints,...
PT-2026-33742
Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings. This vulnerability has been...
CVE-2025-41763 Unchecked role in wwwdnload.cgi
A low‑privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to administrators, including system backups and certificate request files...
CVE-2025-41763 Unchecked role in wwwdnload.cgi
A low‑privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to administrators, including system backups and certificate request files...
EUVD-2023-47200
Malicious code in bioql PyPI...
CVE-2024-42485
CVE-2024-42485 affects Filament Excel. The vulnerability exists in the export download route /filament-excel/{path}, where an attacker could leverage directory traversal using ../ to download arbitrary files without authentication when the webserver allows such paths. This could disclose sensitiv...
CVE-2024-42485 Filament Excel Vulnerable to Path Traversal Attack on Export Download Endpoint
Filament Excel enables Excel export for Filament admin resources. The export download route /filament-excel/{path} allowed downloading any file without login when the webserver allows ../ in the URL. Patched in version v2.3.3...
CVE-2022-37786
An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the Home / Admin / Resources page, the Home / Admin / System Params page, and the Home / Design / Basekey Configuration page...
PT-2023-13553 · Unknown · Wecube Platform
Name of the Vulnerable Software and Affected Versions: WeCube Platform version 3.2.2 Description: An issue was discovered in WeCube Platform, where multiple CSV injection issues exist. The affected pages include the Home / Admin / Resources page, the Home / Admin / System Params page, and the Hom...
CVE-2021-46075
A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources and perform CRUD Operations...
CVE-2021-46075
A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources and perform CRUD Operations...
Privilege escalation
A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources and perform CRUD Operations...
CVE-2021-46075
A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources and perform CRUD Operations...
Sourcecodester Vehicle Service Management System security vulnerability
Sourcecodester Vehicle Service Management System is an open source PHP project: a simple web application for automotive repair/service stores or businesses. Sourcecodester Vehicle Service Management System has an elevation of privilege vulnerability that could be exploited by attackers to access...
CVE-2018-13400
Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version...