46 matches found
CVE-2026-25135
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 have an information disclosure vulnerability that leaks the entire contact information for all users, organizations, and patients in the system to anyone who has the...
CVE-2025-64431
Zitadel is an open source identity management platform. Versions 4.0.0-rc.1 through 4.6.2 are vulnerable to secure Direct Object Reference IDOR attacks through its V2Beta API, allowing authenticated users with specific administrator roles within one organization to access and modify data belongin...
CVE-2025-64431
Zitadel is an open source identity management platform. Versions 4.0.0-rc.1 through 4.6.2 are vulnerable to secure Direct Object Reference IDOR attacks through its V2Beta API, allowing authenticated users with specific administrator roles within one organization to access and modify data belongin...
CVE-2025-64431 IDOR Vulnerabilities in ZITADEL's Organization API allows Cross-Tenant Data Tempering
Zitadel is an open source identity management platform. Versions 4.0.0-rc.1 through 4.6.2 are vulnerable to secure Direct Object Reference IDOR attacks through its V2Beta API, allowing authenticated users with specific administrator roles within one organization to access and modify data belongin...
CVE-2025-64431 IDOR Vulnerabilities in ZITADEL's Organization API allows Cross-Tenant Data Tempering
Zitadel is an open source identity management platform. Versions 4.0.0-rc.1 through 4.6.2 are vulnerable to secure Direct Object Reference IDOR attacks through its V2Beta API, allowing authenticated users with specific administrator roles within one organization to access and modify data belongin...
CVE-2025-64431
The CVE-2025-64431 issue concerns Zitadel’s Organization V2Beta API, where IDOR flaws allow an authenticated administrator of one organization to read or modify data of other organizations. Affected versions are Zitadel 4.0.0-rc.1 through 4.6.2. The root cause is improper authorization checks acr...
CVE-2025-64431 IDOR Vulnerabilities in ZITADEL's Organization API allows Cross-Tenant Data Tempering
Zitadel is an open source identity management platform. Versions 4.0.0-rc.1 through 4.6.2 are vulnerable to secure Direct Object Reference IDOR attacks through its V2Beta API, allowing authenticated users with specific administrator roles within one organization to access and modify data belongin...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the Organization V2Beta API endpoints. An attacker can access and modify data belonging to other organizations by bypassing authorization checks with administrator privileges for a...
GHSA-CPF4-PMR4-W6CX IDOR Vulnerabilities in ZITADEL's Organization API allows Cross-Tenant Data Tempering
Summary ZITADEL's Organization V2Beta API contains Insecure Direct Object Reference IDOR vulnerabilities that allow authenticated users with specific administrator roles within one organization to access and modify data belonging to other organizations. Impact ZITADEL's Organization V2Beta API,...
EUVD-2007-2030
Malware in sbrugna...
EUVD-2024-0834
Malicious code in bioql PyPI...
CVE-2025-59687
IMPAQTR Aurora before 1.36 allows Insecure Direct Object Reference attacks against the users list, organization details, bookmarks, and notifications of an arbitrary organization...
CVE-2025-59687
IMPAQTR Aurora before 1.36 allows Insecure Direct Object Reference attacks against the users list, organization details, bookmarks, and notifications of an arbitrary organization...
CVE-2025-59687
IMPAQTR Aurora before 1.36 allows Insecure Direct Object Reference attacks against the users list, organization details, bookmarks, and notifications of an arbitrary organization...
GHSA-V53G-736W-MGW4 Liferay Portal's Organization Selector exposes organization data to remote authenticated users
The Organization Selector in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q1.1 through 2024.Q1.12 and 7.4 update 81 through update 85 does not check user permission, which allows remote authenticated users to obtain a list of all organizations...
Vaultwarden 安全漏洞
Vaultwarden is an alternative implementation of the Bitwarden server API written in Rust by Daniel García Personal Developer. A security vulnerability exists in Vaultwarden version 1.30.3, which stems from a failure to adequately protect certain encrypted data stored on the server, and allows...
lunary 信息泄露漏洞
lunary is a production toolkit for LLM. lunary suffers from an information disclosure vulnerability that stems from inadequate validation of user permissions when joining the organization. An attacker could use this vulnerability to read and modify all data within the organization...
Information disclosure
A user with the permissions to create a data source can use Grafana API to create a data source with UID set to . Doing this will grant the user access to read, query, edit and delete all data sources within the organization...
CVE-2023-38751
Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the organization information of the information receiver that is set as "non-disclosure" in the information provision operation...
Mail.ru: Cross-organization data access in city-mobil.ru
A legitimate partner's superuser account could have access to information of driver belonging to different partner, including passport and driving license data. Combined Improrer Access + IDOR It was possible to get access to passport, drive license any taxi driver. As well as changed settings...