66 matches found
CVE-2026-10086 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary client-side code in the context of...
CVE-2026-45746
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the File Manager functionality in Termix contains a critical Broken Access Control vulnerability due to improper validation of the sessionId parameter. The backend...
CVE-2026-42098 Authorization Bypass in Sparx Enterprise Architect
Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior e.g. using a debugger and log in as any other user or administrator - then it is possible to do every...
CVE-2026-42158 Flowsint: Broken Access Control allows modification of investigation metadata from any user
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, an adversary with knowledge of an investigation ID, could update the metadata of an investigation of another user. This vulnerability is fixed in 1.2.3...
CVE-2026-40305 DNN has Force Friend Request Acceptance
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2...
CVE-2026-33740 EspoCRM: Email importEml can import and delete another user's attachment by raw fileId
EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference IDOR vulnerability where the attacker-supplied fileId parameter is used to fetch any attachment directly from...
CVE-2026-35478 InvenTree has Arbitrary API Token Creation
InvenTree is an Open Source Inventory Management System. From 0.16.0 to before 1.2.7, any authenticated InvenTree user can create a valid API token attributed to any other user in the system — including administrators and superusers — by supplying the target's user ID in the user field of a POST...
CVE-2026-27898 Vaultwarden: Unauthorized Access via Partial Update API on Another User’s Cipher
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to version 1.35.4, an authenticated regular user can specify another user’s cipherid and call "PUT /api/ciphers/id/partial" Even though the standard retrieval API correctly denies access...
📄 Windows File Explorer Information Disclosure
Proof of concept exploit that demonstrates how the Microsoft Windows File Explorer fails to properly restrict access to sensitive system locations. Exploit Title: Windows File Explorer Information Disclosure CVE-2026-20937 Date: 2026-02-24 Exploit Author: nu11secur1ty Vendor Homepage:...
Authentication Bypass Using an Alternate Path or Channel
Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the UseRecoveryCode function, which fails to check the supplied userID before validating the second factor. A user in possession of the username and password of another user ca...
Nextcloud: IDOR on ██████ via direct photo URL leads to unauthorized access to deleted and other users' photos
Summary: An Insecure Direct Object Reference IDOR vulnerability exists in the application that allows unauthorized access to photos belonging to other users. The application does not properly validate whether the logged-in user is authorized to access a photo when accessing it via direct URL. Thi...
EUVD-2026-3286
Whisper Money is a personal finance application. Versions prior to 0.1.5 have an insecure direct object reference vulnerability. A user can update/create account balances in other users' bank accounts. Version 0.1.5 fixes the issue...
CVE-2025-8305
An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being printed in plaintext in Identity Agent for Terminal Services debug files...
CVE-2025-34436
AVideo is affected by an IDOR in the file upload feature: versions prior to 20.1 allow any authenticated user to upload files into directories owned by other users because ownership checks are not enforced, despite authentication being required. The issue stems from lack of authorization for the ...
GHSA-M6HQ-F4W9-QRJJ Weblate has improper validation upon invitation acceptance
Impact It was possible to accept an invitation opened by a different Weblate user. Patches https://github.com/WeblateOrg/weblate/pull/16913 Workarounds Users should avoid leaving Weblate sessions with an unattended opened invitation. References Thanks to Nahid0x for responsibly disclosing this...
CVE-2025-48604
In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-65594
OpenSIS 9.2 and earlier are vulnerable to Incorrect Access Control in Student.php, enabling an authenticated low-privilege user to perform unauthorized database writes on other users’ data. Root cause: insufficient access control in the Student.php component. Affected: OpenSIS
EUVD-2025-201783
In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2025-48604
In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-32328
In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...