
12 matches found

CVE
added 2026/05/18 3:59 p.m. · 44 views

CVE-2026-45829

CVE-2026-45829 affects the ChromaDB Python project (version 1.0.0 and later). It is a pre-authentication code-injection vulnerability that allows an unauthenticated attacker to execute arbitrary code on the server by supplying a malicious model repository and setting trust_remote_code to true via...

CVSS 10 · AI score 6.1 · EPSS 0.00168
Exploits 2 · References 2
Snyk
added 2026/03/06 11:53 p.m. · 3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the tenant management handlers in the /api/v1/tenants routes. An attacker can read, modify, or delete any tenant, including transferring ownership or destroying tenants, by calling GET, PUT, or DELETE on...

CVSS 9.8 · AI score 5.8 · EPSS 0.00171
Exploits 1 · References 2
EUVD
added 2025/10/29 9:30 p.m. · 3 views

EUVD-2025-36721

Insecure Direct Object Reference (IDOR) in /tenants/id API endpoint in Inforcer Platform version 2.0.153 allows an authenticated user with low privileges to enumerate and access tenant information belonging to other clients via modification of the tenant ID in the request URL...

AI score 6 · EPSS 0.00035
Exploits 0 · References 3
NVD
added 2025/10/29 7:15 p.m. · 3 views

CVE-2025-61876

Insecure Direct Object Reference (IDOR) in /tenants/id API endpoint in Inforcer Platform version 2.0.153 allows an authenticated user with low privileges to enumerate and access tenant information belonging to other clients via modification of the tenant ID in the request URL...

CVSS 5 · EPSS 0.00035
Exploits 0 · References 2
Vulnrichment
added 2025/10/29 12:0 a.m. · 1 views

CVE-2025-61876

Insecure Direct Object Reference (IDOR) in /tenants/id API endpoint in Inforcer Platform version 2.0.153 allows an authenticated user with low privileges to enumerate and access tenant information belonging to other clients via modification of the tenant ID in the request URL...

AI score 6.2 · EPSS 0.00035
Exploits 0 · References 2
CVE
added 2025/10/29 12:0 a.m. · 16 views

CVE-2025-61876

CVE-2025-61876 is an IDOR flaw in Inforcer Platform 2.0.153 allowing a low-privilege, authenticated user to enumerate and access tenant data from other clients by altering the tenant ID in the /tenants/{id} URL. The Red Hat and NVD records corroborate the issue; the CVSSv3.1 score is 5.0 (Medium)...

CVSS 5 · AI score 6.2 · EPSS 0.00035
Exploits 0 · References 2
Cvelist
added 2025/10/29 12:0 a.m. · 4 views

CVE-2025-61876

Insecure Direct Object Reference (IDOR) in /tenants/id API endpoint in Inforcer Platform version 2.0.153 allows an authenticated user with low privileges to enumerate and access tenant information belonging to other clients via modification of the tenant ID in the request URL...

EPSS 0.00035
Exploits 0 · References 2
CNNVD
added 2025/10/29 12:0 a.m. · 6 views

Inforcer Platform security vulnerability

Inforcer Platform is a multi-tenant management platform from the Dutch company Inforcer. A security vulnerability exists in Inforcer Platform version 2.0.153, which stems from the presence of an insecure direct object reference in the /tenants/id API endpoint, which could lead to a low-privileged...

CVSS 5 · AI score 6.4 · EPSS 0.00035
Exploits 0 · References 3
Positive Technologies
added 2024/09/09 12:0 a.m. · 1 views

PT-2024-39131 · Sourcecodester · Sourcecodester Best House Rental Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Best House Rental Management System version 1.0 Description: A problem has been found in the New Tenant Page component of the file /index.php?page=tenants. The manipulation of the Last Name, First Name, and Middle Name argument...

CVSS 5.4 · AI score 4.2 · EPSS 0.0007
Exploits 1 · References 10
Positive Technologies
added 2023/05/29 12:0 a.m. · 4 views

PT-2023-12763 · Audiocodes · Audiocodes Device Manager Express

Name of the Vulnerable Software and Affected Versions: AudioCodes Device Manager Express versions through 7.8.20002.47752 Description: The issue is related to stored XSS via the desc parameter in the "ajaxTenants.php" endpoint. Recommendations: For AudioCodes Device Manager Express versions throu...

CVSS 5.4 · AI score 5 · EPSS 0.00293
Exploits 4 · References 3
ATTACKERKB
added 2023/05/24 8:15 p.m. · 1 views

CVE-2023-33794

A stored cross-site scripting (XSS) vulnerability in the Create Tenants (/tenancy/tenants/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...

CVSS 5.4 · AI score 6.2 · EPSS 0.00279
Exploits 1 · References 2
Positive Technologies
added 2023/05/24 12:0 a.m. · 2 views

PT-2023-24497 · Netbox · Netbox

Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1 Description: A stored cross-site scripting (XSS) issue exists in the Create Tenants function, specifically at the /tenancy/tenants/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a...

CVSS 5.4 · AI score 5.4 · EPSS 0.00279
Exploits 1 · References 3