30 matches found
EUVD-2026-29965
An authenticated iControl SOAP user may be able to obtain information of other accounts. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-35062
An authenticated iControl SOAP user may be able to obtain information of other accounts. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-35062 iControl SOAP vulnerability
An authenticated iControl SOAP user may be able to obtain information of other accounts. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
PT-2026-40639
Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 F5 BIG-IP versions prior to 21.0.0.1 Description An authenticated iControl SOAP user can obtain information regarding other accounts through a privilege assignment issue...
saleor 授权问题漏洞
Saleor is an open-source interface software developed by Saleor Commerce. Versions of Saleor from 2.10.0 to 3.23.0a3, as well as versions before 3.22.47, 3.21.54, and 3.20.118, have issues with authorization vulnerabilities. These vulnerabilities stem from logical and authorization flaws in the...
PT-2026-7727
Name of the Vulnerable Software and Affected Versions CIPPlanner CIPAce versions prior to 9.17 Description Issues in the My Account and User Management components allow for access escalation. A user with low privileges can gain access to other accounts by manipulating the client’s user ID to modi...
CVE-2026-24858
An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager...
CVE-2026-21641
HackerOne community member Jad Ghamloush 0xjad has reported an authorization bypass vulnerability in the tracker-delete.php script of Revive Adserver. Users with permissions to delete trackers are mistakenly allowed to delete trackers owned by other accounts...
CVE-2026-21641
HackerOne community member Jad Ghamloush 0xjad has reported an authorization bypass vulnerability in the tracker-delete.php script of Revive Adserver. Users with permissions to delete trackers are mistakenly allowed to delete trackers owned by other accounts...
CVE-2026-21641
HackerOne community member Jad Ghamloush 0xjad has reported an authorization bypass vulnerability in the tracker-delete.php script of Revive Adserver. Users with permissions to delete trackers are mistakenly allowed to delete trackers owned by other accounts...
Revive Adserver security vulnerability
Revive Adserver is a set of open-source advertising management systems developed by the Revive Adserver team. This system offers functions such as advertising placement, ad slot management, and data statistics. There is a security vulnerability in Revive Adserver; this vulnerability stems from an...
Asseco InfoMedica 安全漏洞
Asseco InfoMedica is a comprehensive medical information management system from Asseco Poland. A security vulnerability exists in Asseco InfoMedica version 4.50.1 and prior to version 5.38.0, which stems from insufficient access control granularity and could lead to the acquisition of coded...
Revive Adserver Missing Authorization Vulnerability
Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...
CVE-2025-52670
Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts...
CVE-2025-52670
Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts...
CVE-2025-52670
Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts...
CVE-2025-52670
Revive Adserver is affected by an IDOR-style authorization flaw in the banner deletion workflow. Multiple sources (CNVD, Red Hat, EUVD, NVD/NVD mirrors, OSV, CVE lists, and the HackerOne report) describe a missing ownership check when deleting banners, allowing a user to delete banners owned by a...
CVE-2023-47799
Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the...
PT-2025-34608 · Mahara · Mahara
Name of the Vulnerable Software and Affected Versions: Mahara versions prior to 22.10.4 Mahara versions 23.x prior to 23.04.4 Description: Mahara is susceptible to information disclosure when the experimental HTML bulk export feature is utilized through the administration interface or command-lin...
Schweitzer Engineering Laboratories多款产品 安全漏洞
Schweitzer Engineering Laboratories SEL-5033 acSELerator RTAC Software and more are products of Schweitzer Engineering Laboratories, Inc. of the U.S.A. Schweitzer Engineering Laboratories SEL-5033 acSELerator RTAC Software is a graphical, easy-to-use tool that helps users quickly and easily...