PT-2026-20997

A security vulnerability has been detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file /jeecgboot/sys/dict/loadDict/airag app,1,create by of the component Backend Interface. Such manipulation of the argument keyword leads to sql injection. The attack can be...

CVE-2026-23754

D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary userid value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credentia...

EUVD-2026-3605

D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary userid value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credentia...

CVE-2022-38808

ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface...

CVE-2025-36228

CVE-2025-36228 affects IBM Aspera Faspex 5 (versions 5.0.0–5.0.14.1). The issue is inconsistent permissions between the UI and backend API, allowing users to access features that appeared disabled and potentially leading to misuse. Red Hat, CIRCL, NVD, and other feeds corroborate the same descrip...

CVE-2025-36228 Incorrect Execution-Assigned Permissions in IBM Aspera Faspex

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse...

IBM Aspera Faspex 安全漏洞

IBM Aspera Faspex is an International Business Machines IBM solution for rapid global person-to-person document delivery and collaboration. A security vulnerability exists in IBM Aspera Faspex 5 5.0.14.1 and prior versions, which stems from inconsistent permissions between the user interface and...

PT-2025-53586

Name of the Vulnerable Software and Affected Versions IBM Aspera Faspex 5 versions 5.0.0 through 5.0.14.1 Description The software may have inconsistent permissions between the user interface and backend API. This could allow users to access features that appear disabled, potentially leading to...

CVE-2025-63551

A Server-Side Request Forgery SSRF vulnerability, achievable through an XML External Entity XXE injection, exists in MetInfo Content Management System CMS thru 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...

CVE-2025-41337

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarSSOParametros.php'...

CVE-2025-41340

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'idtpdenuncia' and 'idsociedad' in '/backend/api/buscarTipoDenunciabyId.php'...

CVE-2025-41336

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros.php'...

CVE-2025-41112

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros2.php'...

CVE-2025-8053

Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low privilege user to interact with the backend API without sufficient privileges. This issue affects Flipper: 3.1....

CVE-2025-8053

Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low privilege user to interact with the backend API without sufficient privileges. This issue affects Flipper: 3.1....

CVE-2025-8053

Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low privilege user to interact with the backend API without sufficient privileges. This issue affects Flipper: 3.1....

CVE-2025-8053 Insufficient access control vulnerability has been discovered in Opentext Flipper.

Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low privilege user to interact with the backend API without sufficient privileges. This issue affects Flipper: 3.1....

CVE-2025-8053

CVE-2025-8053 affects OpenText Flipper v3.1.2. The issue is an insufficient granularity of access control that could allow a low-privilege user to interact with the backend API without proper privileges. The vulnerability centers on how access controls are configured for Flipper’s backend API, en...

EUVD-2022-1706

Malicious code in bioql PyPI...

EUVD-2025-24136

Malicious code in bioql PyPI...