Lucene search

9 matches found

EUVD
added 2026/05/13 9:26 p.m. · 7 views

EUVD-2026-30182

SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. Prior to 1.8.0, SQLBot contains a Cross-Workspace IDOR (Insecure Direct Object Reference) and Authorization Bypass vulnerability in the /api/v1/datasource/exportDsSchema and /api/v1/datasource/uploadDsSchema...

8.6 CVSS · 5.8 AI score · 0.00249 EPSS
Exploits: 1 · References: 1
Snyk
added 2026/05/06 11:19 p.m. · 2 views

Authorization Bypass Through User-Controlled Key

Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the GetDevice process. An attacker can access sensitive device metadata belonging to other tenants by providing a valid device UID and authenticating with any user account. Remediatio...

7.1 CVSS · 5.8 AI score · 0.00246 EPSS
Exploits: 1 · References: 2
CNNVD
added 2025/12/17 12:0 a.m. · 2 views

DriveLock Security Vulnerability

DriveLock is an endpoint security and data protection platform from DriveLock Germany. A security vulnerability exists in DriveLock versions prior to 24.1.6, 24.2.7, and 25.1.5, which stems from an authenticated user being able to retrieve the number of computers of other tenants via the DriveLoc...

5.3 CVSS · 6.6 AI score · 0.00187 EPSS
Exploits: 0 · References: 1
EUVD
added 2025/12/17 12:0 a.m. · 4 views

EUVD-2025-203953

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Authenticated users can retrieve the computer count of other DriveLock tenants via the DriveLock API...

5.3 CVSS · 6.4 AI score · 0.00187 EPSS
Exploits: 0 · References: 2
RedhatCVE
added 2025/10/30 12:12 a.m. · 10 views

CVE-2025-61876

Insecure Direct Object Reference (IDOR) in /tenants/id API endpoint in Inforcer Platform version 2.0.153 allows an authenticated user with low privileges to enumerate and access tenant information belonging to other clients via modification of the tenant ID in the request URL...

5 CVSS · 6.5 AI score · 0.00175 EPSS
Exploits: 0 · References: 1
NVD
added 2024/05/15 4:15 p.m. · 8 views

CVE-2024-3317

An improper access control was identified in the Identity Security Cloud (ISC) message server API that allowed an authenticated user to exfiltrate job processing metadata (opaque messageIDs, work queue depth and counts) for other tenants...

6.5 CVSS · 6.4 AI score · 0.0044 EPSS
Exploits: 0 · References: 1
CVE
added 2024/05/15 3:55 p.m. · 51 views

CVE-2024-3317

CVE-2024-3317 involves SailPoint Identity Security Cloud (ISC) message server API showing improper access control. An authenticated user can exfiltrate job processing metadata (opaque messageIDs, work queue depth and counts) for other tenants. This is described across multiple sources (NVD, Red H...

6.5 CVSS · 6.6 AI score · 0.0044 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2023/09/27 12:0 a.m. · 2 views

PT-2023-5579 · Cisco · Cisco Catalyst SD-WAN Manager

Name of the Vulnerable Software and Affected Versions: Cisco Catalyst SD-WAN Manager (affected versions not specified). Description: The issue is related to insufficient user session management within the Cisco Catalyst SD-WAN Manager system, specifically in the multi-tenant feature. This could allo...

9 CVSS · 8.3 AI score · 0.0061 EPSS
Exploits: 0 · References: 10
CNVD
added 2018/08/01 12:0 a.m. · 1 view

Red Hat CloudForms Unauthorized Operation Vulnerability

Red Hat CloudForms is a suite of IaaS (Infrastructure as a Service) cloud service solutions from Red Hat, Inc. The solution creates and manages private and public clouds and has the ability to manage the application lifecycle. A security vulnerability exists in Red Hat CloudForms. An attacker could...

4.3 CVSS · 5 AI score · 0.00991 EPSS
Exploits: 0 · References: 1