4 matches found
CVE-2025-13985
Incorrect Authorization vulnerability in Drupal Entity Share allows Forceful Browsing.This issue affects Entity Share: from 0.0.0 before 3.13.0...
CVE-2025-13985
This CVE concerns Drupal Entity Share with an Incorrect Authorization vulnerability that enables forceful browsing. Affected product/line: Drupal Entity Share prior to version 3.13.0 . The issue is described as an access control flaw that could permit unauthorized access (information disclosure) ...
PT-2026-5204
Name of the Vulnerable Software and Affected Versions Drupal Entity Share versions prior to 3.13.0 Description An authorization issue exists in Drupal Entity Share that permits forceful browsing. This flaw potentially allows unauthorized access to resources. Recommendations Update Drupal Entity...
CVE-2025-64706 Typebot IDOR Vulnerability: Unauthorized API Token Deletion and Exposure
Typebot is an open-source chatbot builder. In version 3.9.0 up to but excluding version 3.13.0, an Insecure Direct Object Reference IDOR vulnerability exists in the API token management endpoint. An authenticated attacker can delete any user's API token and retrieve its value by simply knowing th...