130 matches found
Exploit for CVE-2025-53640
CVE-2025-53640 – Authenticated User Enumeration in CERN's Indi...
CVE-2024-12305
An object-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows unauthorized access to student grades. A malicious student user can view grades of other students by manipulating the studentid parameter in the marks viewing endpoint. The...
CVE-2023-41058
Parse Server is an open source backend server. In affected versions the Parse Cloud trigger beforeFind is not invoked in certain conditions of Parse.Query. This can pose a vulnerability for deployments where the beforeFind trigger is used as a security layer to modify the incoming query. The...
CVE-2023-51649
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level extras.runjob permission is checked i.e., does the user have...
Unsolved Challenge: Why API Access Control Vulnerabilities Remain a Major Security Risk
Despite advancements in API security, access control vulnerabilities, such as broken object-level authentication BOLA and broken function-level authentication BFLA, remain almost impossible to detect. This blog will explore why these vulnerabilities are so difficult to detect, the limitations of...
CVE-2024-55070
A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions...
CVE-2024-55073
A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...
CVE-2024-55070
A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions...
CVE-2024-55073
A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...
CVE-2024-55072
A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...
CVE-2024-55070
CVE-2024-55070 affects hay-kot mealie v2.2.0. The vulnerability is a Broken Object Level Authorization in the component at /households/permissions, enabling group managers to edit their own permissions. Documented impact is limited to this privilege escalation vector (group managers changing thei...
CVE-2024-55072
CVE-2024-55072 affects hay-kot Mealie v2.2.0. The issue is Broken Object Level Authorization in the /api/users/{user-id} endpoint, allowing a user to edit their own profile to grant themselves more permissions or alter their household. The root cause is improper access control on user objects, en...
CVE-2024-55073
A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...
PT-2025-13393 · Unknown · Hay-Kot Mealie
Name of the Vulnerable Software and Affected Versions: hay-kot mealie version 2.2.0 Description: A Broken Object Level Authorization vulnerability in the component "/api/users/user-id" of hay-kot mealie allows users to edit their own profile in order to give themselves more permissions or to chan...
Mealie 安全漏洞
Mealie is a self-hosted recipe manager and meal planner by an individual developer in Hayden, USA. A security vulnerability exists in Mealie v2.2.0 that stems from improper object-level authorization...
CVE-2024-55070
A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions...
CVE-2024-55070
A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions...
CVE-2024-55073
A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...
CVE-2024-55072
A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...
CVE-2024-55072
A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...