Lucene search
K

46 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/25 2:2 a.m.3 views

CVE-2026-25135

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 have an information disclosure vulnerability that leaks the entire contact information for all users, organizations, and patients in the system to anyone who has the...

4.5CVSS5.3AI score0.00219EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/08 6:51 p.m.13 views

CVE-2025-64431

Zitadel is an open source identity management platform. Versions 4.0.0-rc.1 through 4.6.2 are vulnerable to secure Direct Object Reference IDOR attacks through its V2Beta API, allowing authenticated users with specific administrator roles within one organization to access and modify data belongin...

8.7CVSS6.6AI score0.00276EPSS
Exploits0References1
NVD
NVD
added 2025/11/07 7:16 p.m.4 views

CVE-2025-64431

Zitadel is an open source identity management platform. Versions 4.0.0-rc.1 through 4.6.2 are vulnerable to secure Direct Object Reference IDOR attacks through its V2Beta API, allowing authenticated users with specific administrator roles within one organization to access and modify data belongin...

8.7CVSS0.00276EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/07 6:9 p.m.2 views

CVE-2025-64431 IDOR Vulnerabilities in ZITADEL's Organization API allows Cross-Tenant Data Tempering

Zitadel is an open source identity management platform. Versions 4.0.0-rc.1 through 4.6.2 are vulnerable to secure Direct Object Reference IDOR attacks through its V2Beta API, allowing authenticated users with specific administrator roles within one organization to access and modify data belongin...

8.7CVSS6.2AI score0.00276EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/07 6:9 p.m.7 views

CVE-2025-64431 IDOR Vulnerabilities in ZITADEL's Organization API allows Cross-Tenant Data Tempering

Zitadel is an open source identity management platform. Versions 4.0.0-rc.1 through 4.6.2 are vulnerable to secure Direct Object Reference IDOR attacks through its V2Beta API, allowing authenticated users with specific administrator roles within one organization to access and modify data belongin...

8.7CVSS0.00276EPSS
Exploits0References3
CVE
CVE
added 2025/11/07 6:9 p.m.15 views

CVE-2025-64431

The CVE-2025-64431 issue concerns Zitadel’s Organization V2Beta API, where IDOR flaws allow an authenticated administrator of one organization to read or modify data of other organizations. Affected versions are Zitadel 4.0.0-rc.1 through 4.6.2. The root cause is improper authorization checks acr...

8.7CVSS6.2AI score0.00276EPSS
Exploits0References3
OSV
OSV
added 2025/11/07 6:9 p.m.5 views

CVE-2025-64431 IDOR Vulnerabilities in ZITADEL's Organization API allows Cross-Tenant Data Tempering

Zitadel is an open source identity management platform. Versions 4.0.0-rc.1 through 4.6.2 are vulnerable to secure Direct Object Reference IDOR attacks through its V2Beta API, allowing authenticated users with specific administrator roles within one organization to access and modify data belongin...

8.7CVSS6.6AI score0.00276EPSS
Exploits0References5
Snyk
Snyk
added 2025/11/05 7:52 p.m.2 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the Organization V2Beta API endpoints. An attacker can access and modify data belonging to other organizations by bypassing authorization checks with administrator privileges for a...

8.8CVSS6.6AI score0.00276EPSS
Exploits0References2
OSV
OSV
added 2025/11/05 7:52 p.m.4 views

GHSA-CPF4-PMR4-W6CX IDOR Vulnerabilities in ZITADEL's Organization API allows Cross-Tenant Data Tempering

Summary ZITADEL's Organization V2Beta API contains Insecure Direct Object Reference IDOR vulnerabilities that allow authenticated users with specific administrator roles within one organization to access and modify data belonging to other organizations. Impact ZITADEL's Organization V2Beta API,...

8.7CVSS6.7AI score0.00276EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2007-2030

Malware in sbrugna...

7.8CVSS6.4AI score0.01743EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-0834

Malicious code in bioql PyPI...

8.8CVSS7.2AI score0.00802EPSS
Exploits0References5
NVD
NVD
added 2025/10/01 3:15 p.m.19 views

CVE-2025-59687

IMPAQTR Aurora before 1.36 allows Insecure Direct Object Reference attacks against the users list, organization details, bookmarks, and notifications of an arbitrary organization...

4.3CVSS0.002EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/01 12:0 a.m.4 views

CVE-2025-59687

IMPAQTR Aurora before 1.36 allows Insecure Direct Object Reference attacks against the users list, organization details, bookmarks, and notifications of an arbitrary organization...

6.6AI score0.002EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/01 12:0 a.m.21 views

CVE-2025-59687

IMPAQTR Aurora before 1.36 allows Insecure Direct Object Reference attacks against the users list, organization details, bookmarks, and notifications of an arbitrary organization...

0.002EPSS
Exploits0References2
OSV
OSV
added 2025/09/12 3:33 a.m.5 views

GHSA-V53G-736W-MGW4 Liferay Portal's Organization Selector exposes organization data to remote authenticated users

The Organization Selector in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q1.1 through 2024.Q1.12 and 7.4 update 81 through update 85 does not check user permission, which allows remote authenticated users to obtain a list of all organizations...

5.3CVSS6.4AI score0.00244EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/09/13 12:0 a.m.7 views

Vaultwarden 安全漏洞

Vaultwarden is an alternative implementation of the Bitwarden server API written in Rust by Daniel García Personal Developer. A security vulnerability exists in Vaultwarden version 1.30.3, which stems from a failure to adequately protect certain encrypted data stored on the server, and allows...

6.5CVSS6.4AI score0.00573EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/10 12:0 a.m.5 views

lunary 信息泄露漏洞

lunary is a production toolkit for LLM. lunary suffers from an information disclosure vulnerability that stems from inadequate validation of user permissions when joining the organization. An attacker could use this vulnerability to read and modify all data within the organization...

9.1CVSS6.1AI score0.0068EPSS
Exploits0References3
Prion
Prion
added 2024/03/07 6:15 p.m.24 views

Information disclosure

A user with the permissions to create a data source can use Grafana API to create a data source with UID set to . Doing this will grant the user access to read, query, edit and delete all data sources within the organization...

5.8CVSS7AI score0.00802EPSS
Exploits0References1
OSV
OSV
added 2023/08/09 4:15 a.m.5 views

CVE-2023-38751

Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the organization information of the information receiver that is set as "non-disclosure" in the information provision operation...

4.3CVSS5.8AI score0.00376EPSS
Exploits0References2
Hacker One
Hacker One
added 2020/05/01 12:29 p.m.20 views

Mail.ru: Cross-organization data access in city-mobil.ru

A legitimate partner's superuser account could have access to information of driver belonging to different partner, including passport and driving license data. Combined Improrer Access + IDOR It was possible to get access to passport, drive license any taxi driver. As well as changed settings...

4.5AI score
Exploits0
Rows per page
Query Builder