705 matches found
EUVD-2019-5874
Malware in sbrugna...
CVE-2025-10696
CVE-2025-10696 affects OpenSupports 4.11.0. An endpoint allows editing the list of 'supervised users' for any account without verifying ownership, enabling a Level 1 staff member to modify the supervision relationship of a target user. This can let the target view tickets belonging to the added s...
CVE-2025-10696 OpenSupports 4.11.0 — Insecure Direct Object Reference in supervised list
OpenSupports exposes an endpoint that allows the list of 'supervised users' for any account to be edited, but it does not validate whether the actor is the owner of that list. A Level 1 staff member can modify the supervision relationship of a third party (the target user), who can then view the...
EUVD-2021-9192
Malicious code in bioql PyPI...
EUVD-2025-28313
Malicious code in bioql PyPI...
EUVD-2025-25693
Malicious code in bioql PyPI...
EUVD-2025-30244
Malicious code in bioql PyPI...
EUVD-2025-28006
Malicious code in bioql PyPI...
EUVD-2025-27973
Malicious code in bioql PyPI...
EUVD-2025-25603
Malicious code in bioql PyPI...
EUVD-2025-31723
Malicious code in bioql PyPI...
EUVD-2025-31717
Malicious code in bioql PyPI...
CVE-2025-58055
Discourse vulnerability CVE-2025-58055 affects version 3.5.0 and earlier, where AI suggestion endpoints for Title, Category, and Tags can disclose information from restricted topics by altering topic_id in API requests. The root cause is improper access control at the AI helper endpoints, enablin...
CVE-2025-59687
IMPAQTR Aurora before 1.36 allows Insecure Direct Object Reference attacks against the users list, organization details, bookmarks, and notifications of an arbitrary organization...
CVE-2025-41095
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user to access planning counter details using unauthorised internal identifiers...
CVE-2025-41098
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a misuse of the general enquiry web service...
CVE-2025-41091
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user to access calendar details using unauthorised internal identifiers...