56 matches found
CVE-2026-57950
Summary (CVE-2026-57950): ruoyi-vue-pro before 2026.05 contains a broken access control in ErpSaleOrderController due to incorrect permission namespace enforcement. The controller applies the erp:sale-out namespace instead of the intended erp:sale-order namespace, allowing attackers with erp:sale...
CVE-2026-54322 Daytona: Cross-org IDOR in organization role update/delete — any org owner can rewrite or destroy another org's roles
Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, Daytona's organization role update and delete endpoints authorized the caller as an owner of the organization named in the request path, but resolved and mutated the targe...
CVE-2026-54322 Daytona: Cross-org IDOR in organization role update/delete — any org owner can rewrite or destroy another org's roles
Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, Daytona's organization role update and delete endpoints authorized the caller as an owner of the organization named in the request path, but resolved and mutated the targe...
CVE-2026-54322
The CVE-2026-54322 issue affects Daytona prior to 0.185.0, where organization role update/delete endpoints granted access based on the caller’s ownership of an org but validated the target role only by its identifier, not by org ownership. This cross-org IDOR lets an authenticated user who owns a...
GHSA-QXVM-PCFM-QC39 Daytona: Cross-org IDOR in organization role update/delete — any org owner can rewrite or destroy another org's roles
Summary Daytona's organization role update and delete endpoints authorized the caller as an owner of the organization named in the request path, but resolved and mutated the target role by its identifier alone, without verifying the role belonged to that organization. An authenticated user who ow...
CVE-2026-27677
Due to missing authorization checks in the SAP S/4HANA OData Service Manage Reference Equipment, an attacker could update and delete child entities via OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and availability are not...
CVE-2026-27676
Due to missing authorization checks in the SAP S/4HANA OData Service Manage Technical Object Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability results in a low impact on integrity, while confidentiality and...
praisonai-platform: Agent endpoints accept any agent_id without workspace ownership check, cross-workspace read/update/delete IDOR
Summary Type: Insecure Direct Object Reference. The agent CRUD endpoints GET / PATCH / DELETE /workspaces/workspaceid/agents/agentid gate access on requireworkspacememberworkspaceid only, then resolve agentid through AgentService.getagentid which is a primary-key lookup with no workspace...
PT-2026-47087
Name of the Vulnerable Software and Affected Versions praisonai-platform affected versions not specified Description An Insecure Direct Object Reference exists in the agent CRUD endpoints. The system validates if a user is a member of a workspace but fails to verify if the requested agent actuall...
PT-2026-45487
Name of the Vulnerable Software and Affected Versions praisonai-platform affected versions not specified Description An Insecure Direct Object Reference IDOR exists in the issue CRUD endpoints. The application validates if a user is a member of a workspace but fails to verify if the requested iss...
Dolibarr ERP/CRM 安全漏洞
Dolibarr ERP/CRM is a web-based enterprise resource planning ERP and customer relationship management CRM system developed by the Dolibarr Foundation in France. This system can be used to manage products, inventory, invoices, orders, etc. Versions of Dolibarr ERP/CRM from 22.0.0 to 22.0.4, as wel...
GHSA-HMG2-JJJX-JCP2 FlowiseAI: Vector Store No Permission Checks
FINDING 4: OpenAI Assistants Vector Store - No Auth on CRUD Operations Severity: HIGH CVSS 8.1 Type: CWE-306 Missing Authentication for Critical Function File: packages/server/src/routes/openai-assistants-vector-store/index.ts Description: ALL CRUD endpoints for OpenAI Assistants Vector Store hav...
CVE-2026-42550 Flight: SQL Injection via unvalidated identifiers in SimplePdo::insert / update / delete
Flight is an extensible micro-framework for PHP. Prior to 3.18.1, SimplePdo::insert, SimplePdo::update, and SimplePdo::delete build SQL statements by concatenating the $table argument and the keys of the $data array directly into the query, with no identifier quoting and no validation. When an...
PT-2026-37903
Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...
CVE-2026-27679
Due to missing authorization checks in the SAP S/4HANA frontend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...
CVE-2026-27679 Missing Authorization check in SAP S/4HANA Frontend OData Service (Manage Reference Structures)
Due to missing authorization checks in the SAP S/4HANA frontend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...
CVE-2026-27676 Missing Authorization check in SAP S/4HANA OData Service (Manage Technical Object Structures)
Due to missing authorization checks in the SAP S/4HANA OData Service Manage Technical Object Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability results in a low impact on integrity, while confidentiality and...
PT-2026-32557
Due to missing authorization checks in the SAP S/4HANA OData Service Manage Reference Equipment, an attacker could update and delete child entities via OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and availability are not...
PT-2026-32559
Due to missing authorization checks in the SAP S/4HANA frontend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...
CVE-2026-33326
Keystone is a content management system for Node.js. Prior to version 6.5.2, field.isFilterable access control can be bypassed in findMany queries by passing a cursor. This can be used to confirm the existence of records by protected field values. The fix for CVE-2025-46720 field-level isFilterab...