6 matches found
Incorrect Authorization
Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Incorrect Authorization in the BulkUsersController::destroy process. An attacker can gain unauthorized ability to soft-delete other non-admin users by sending a direct POST...
Note Mark 授权问题漏洞
Note Mark is a web-based Markdown note-taking application developed by Leo Spratt. Versions of Note Mark prior to 0.19.3 had an authorization issue vulnerability. This vulnerability stemmed from the fact that notes and uploaded assets could still be accessed after public books were soft-deleted,...
CVE-2026-34586
PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.1, checksharedaccessallowed validates only session existence — it does not check SharedPdf.inactive expiration / max views or SharedPdf.deleted. The Serve and...
CVE-2026-34586 PdfDing: Shared PDF Expiration, Max Views, and Deletion Bypass via Serve/Download Endpoints
PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.1, checksharedaccessallowed validates only session existence — it does not check SharedPdf.inactive expiration / max views or SharedPdf.deleted. The Serve and...
CVE-2023-5195
Mattermost fails to properly validate the permissions when soft deleting a team allowing a team member to soft delete other teams that they are not part of...
Code injection
Mattermost fails to properly validate the permissions when soft deleting a team allowing a team member to soft delete other teams that they are not part of...