Lucene search

5 matches found

Packet Storm
added 2026/04/10 12:0 a.m., 72 views

Authentic 8 User Profile Insecure Direct Object Reference

Proof of concept exploit that demonstrates user data exposure via an insecure direct object reference and missing access control vulnerabilities in the User Profile endpoint of Authentic 8...

AI score: 5.8
Exploits: 0
CVE
added 2026/02/27 7:38 p.m., 11 views

CVE-2026-27793

CVE-2026-27793 describes a broken access control in Seerr prior to 3.1.0, where the GET /api/v1/user/:id endpoint returns the full user settings object (including credentials for Pushover, Pushbullet, Telegram) to any authenticated requester, regardless of privileges. This allows eavesdropping of...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00042
Exploits: 0, References: 3, Affected Software: 1
RedhatCVE
added 2025/09/21 12:11 a.m., 8 views

CVE-2025-57396

Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is vulnerable to privilege escalation. This is due to the rework of the API, which resulted in the User Profile API Endpoint containing two boolean values indicating whether a user is staff or administrative. Consequently, any user can escala...

CVSS: 6.5, AI score: 7.1, EPSS: 0.00089
Exploits: 1, References: 1
OSV
added 2025/09/19 8:15 p.m., 2 views

CVE-2025-57396

Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is vulnerable to privilege escalation. This is due to the rework of the API, which resulted in the User Profile API Endpoint containing two boolean values indicating whether a user is staff or administrative. Consequently, any user can escala...

CVSS: 6.5, AI score: 5.8
Exploits: 0, References: 1
CNNVD
added 2022/04/10 12:0 a.m., 2 views

FEBS-Security Security Vulnerability

FEBS-Security is a simple and efficient backend privilege management system. A security vulnerability exists in FEBS-Security v1.0, which stems from insecure permissions configured in the userid parameter of /user/getuserprofile, allowing an attacker to access and arbitrarily modify a user's...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00167
Exploits: 1, References: 2