CVE-2026-38587

An Insecure Direct Object Reference IDOR vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions User or Guest to retrieve sensitive information, such as the Owner's unique...

CVE-2026-38587

CVE-2026-38587 is an Insecure Direct Object Reference (IDOR) impacting ONLYOFFICE DocSpace prior to 3.2.1. The flaw exists across multiple REST API endpoints and allows authenticated users with low-level permissions (User or Guest) to retrieve sensitive information such as the Owner’s ID and prof...

CVE-2026-38587

An Insecure Direct Object Reference IDOR vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions User or Guest to retrieve sensitive information, such as the Owner's unique...

CVE-2025-68710

Easyelife App lock aka Fingerprint,Applock or locker.app.safe.applocker 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows -...

PT-2026-43163

Name of the Vulnerable Software and Affected Versions Archive::Tar versions prior to 3.08 Description Archive::Tar for Perl allows the extraction of hardlinks to attacker-controlled paths outside the intended extraction directory. The function make special file passes the tar header's linkname to...

EUVD-2026-31845

FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with grpc::InsecureServerCredentials src/fastnetmon.cpp line 477 and a source code comment explicitly acknowledges 'Listen on the given address without an...

CVE-2025-68708

SailingLab AppLock aka com.alpha.applock 4.3.8 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows - insecure navigation through...

PT-2026-43276

Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.2.10 Description The software exposes a gRPC API server on port 50052 that lacks an authentication mechanism. The server is initialized using grpc::InsecureServerCredentials, allowing any user...

CVE-2025-68711

The CVE-2025-68711 entry concerns AppLockZ (applock.passwordfingerprint.applockz) Android app version 4.2.11. The root cause is that the lock is implemented as an overlay rather than using Android’s secure authentication APIs, allowing a local attacker with physical access to bypass the PIN. By n...

PT-2026-43264

An Insecure Direct Object Reference IDOR vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions User or Guest to retrieve sensitive information, such as the Owner's unique...

CVE-2025-68710

Easyelife App lock aka Fingerprint,Applock or locker.app.safe.applocker 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows -...

PT-2026-43196

Name of the Vulnerable Software and Affected Versions CODESYS Development System affected versions not specified Description The software creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary fil...

CVE-2025-68710

CVE-2025-68710 concerns Easyelife App lock 1.9.2 for Android. The vulnerability arises because the lock is implemented as an overlay instead of using Android’s secure authentication APIs, allowing a local attacker with physical access to bypass the PIN. By navigating cascading interface flows and...

CVE-2025-68708

SailingLab AppLock aka com.alpha.applock 4.3.8 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows - insecure navigation through...

UBUNTU-CVE-2026-48844

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. Support for code evaluation has been removed in 1.6.16 and 1.7.1...

CVE-2026-48844

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. Support for code evaluation has been removed in 1.6.16 and 1.7.1...

EUVD-2026-31717

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. Support for code evaluation has been removed in 1.6.16 and 1.7.1...

CVE-2018-25359

Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious...

CVE-2018-25359

CVE-2018-25359 affects Splinterware System Scheduler Pro 5.12. The issue is insecure file permissions enabling low-privilege users to replace the service executable (WService.exe) in the installation directory, causing a malicious binary to run with LocalSystem privileges when the service starts....

EUVD-2018-21881

Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious...