2 matches found
CVE-2026-58448
creationtimestamp| type| source ---|---|--- 2026-06-30 22:36:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpk2ttlbxv2h 2026-07-02 01:29:02+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmuxtxbit2o...
CVE-2026-58448
yudao-cloud before 2026.06 contains a broken access control vulnerability in the BPM module that allows any authenticated user to access arbitrary process instance records by supplying a caller-controlled process-instance identifier to an unprotected endpoint lacking the @PreAuthorize annotation...