SUSE CVE-2020-14391
A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Custom...
EUVD-2026-14308
A flaw has been found in mickasmt next-saas-stripe-starter 1.0.0. Affected by this issue is the function openCustomerPortal of the file actions/open-customer-portal.ts of the component Stripe API. This manipulation causes authorization bypass. Remote exploitation of the attack is possible. The...
CVE-2026-4549
A flaw has been found in mickasmt next-saas-stripe-starter 1.0.0. Affected by this issue is the function openCustomerPortal of the file actions/open-customer-portal.ts of the component Stripe API. This manipulation causes authorization bypass. Remote exploitation of the attack is possible. The...
CVE-2026-4549 mickasmt next-saas-stripe-starter Stripe API open-customer-portal.ts openCustomerPortal authorization
A flaw has been found in mickasmt next-saas-stripe-starter 1.0.0. Affected by this issue is the function openCustomerPortal of the file actions/open-customer-portal.ts of the component Stripe API. This manipulation causes authorization bypass. Remote exploitation of the attack is possible. The...
CVE-2026-4549
CVE-2026-4549 affects mickasmt next-saas-stripe-starter 1.0.0. The openCustomerPortal function in actions/open-customer-portal.ts within the Stripe API is reported to enable an authorization bypass. Remote exploitation is described as possible with high attack complexity. No remediation details a...
Next SaaS Stripe Starter security vulnerability
Next SaaS Stripe Starter is a SaaS project starter with integrated payments and authentication, developed by the individual developer mickasmt. Version 1.0.0 of Next SaaS Stripe Starter contains a security vulnerability. This vulnerability stems from incorrect operations on the openCustomerPortal functi...
EUVD-2011-4598
Malware in sbrugna...
EUVD-2025-8701
Malicious code in bioql PyPI...
EUVD-2023-2921
Malicious code in bioql PyPI...
CVE-2025-48958 Froxlor has an HTML Injection Vulnerability
Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by...
CVE-2023-32064
OroCommerce package with customer portal and non-authenticated visitor website base features. Back-office users can access information about Customer and Customer User menus, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.11 and...
CVE-2025-3013
Insecure Direct Object References (IDOR) in access control in Customer Portal before 2.1.4 on NightWolf Penetration Testing allows an attacker to access via manipulating request parameters or object references...
CVE-2025-3013 Insecure direct object references (IDOR) in NightWolf Penetration Platform
Insecure Direct Object References (IDOR) in access control in Customer Portal before 2.1.4 on NightWolf Penetration Testing allows an attacker to access via manipulating request parameters or object references...
CVE-2025-3013
CVE-2025-3013 affects NightWolf Penetration Testing Customer Portal prior to 2.1.4 (NightWolf Penetration Platform). The issue is an Insecure Direct Object References (IDOR) in access control, enabling an attacker to access by manipulating request parameters or object references. According to the...
NightWolf Penetration Testing Customer Portal security vulnerability
NightWolf Penetration Testing Customer Portal is an online platform designed specifically for customers of NightWolf, Inc. A security vulnerability exists in NightWolf Penetration Testing Customer Portal versions prior to 2.1.4 that stems from improper access control and could lead to unsafe dire...
PT-2025-13649 · Unknown · Customer Portal
Name of the Vulnerable Software and Affected Versions: Customer Portal versions prior to 2.1.4. Description: The issue is related to Insecure Direct Object References (IDOR) in access control, allowing an attacker to access sensitive information by manipulating request parameters or object reference...