CVE-2026-32104 StudioCMS: IDOR in User Notification Preferences Allows Any Authenticated User to Modify Any User's Settings

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the updateUserNotifications endpoint accepts a user ID from the request payload and uses it to update that user's notification preferences. It checks that the caller is logged in but never...

CVE-2025-67715

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue...

PYSEC-2025-233

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue...

Weblate 授权问题漏洞

Weblate is a Copyleft open source web-based free software continuous localization system. An authorization issue vulnerability exists in Weblate versions prior to 5.15, which stems from the possibility that the API may retrieve user notification settings or list all users, potentially leading to...