1796 matches found
CVE-2026-1989
Authorization bypass through User-Controlled key vulnerability in PAVO Financial Technology Solutions Inc. PAVO Pay allows Exploitation of Trusted Identifiers. This issue affects PAVO Pay: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...
EUVD-2026-42553
Authorization bypass through User-Controlled key vulnerability in PAVO Financial Technology Solutions Inc. PAVO Pay allows Exploitation of Trusted Identifiers. This issue affects PAVO Pay: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...
CVE-2026-1989
Authorization bypass through User-Controlled key vulnerability in PAVO Financial Technology Solutions Inc. PAVO Pay allows Exploitation of Trusted Identifiers. This issue affects PAVO Pay: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...
CVE-2026-1989
Technical details of CVE-2026-1989 are not publicly available in the provided documents; monitor for updates.
CVE-2026-5799
Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...
CVE-2026-5730
Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...
CVE-2026-5799 IDOR in Idvlabs' Ontime
Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...
EUVD-2026-42015
Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...
CVE-2026-5799
Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...
CVE-2026-5799
CVE-2026-5799 is an IDOR in Idvlabs’ Ontime affecting versions up to 04052026, caused by a user-controlled key that enables an authorization bypass. The vulnerability allows exploitation of trusted identifiers and is rated CVSSv3.1 = 7.5 (HIGH) with network attack vector, low attack complexity, n...
CVE-2026-5730 IDOR in Idvlabs' Ontime
Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...
CVE-2026-5730
Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...
Langflow Authorization Bypass Through User-Controlled Key Vulnerability
Langflow contains an authorization bypass through user-controlled key vulnerability which allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the users.getUser method in the JSON-RPC API. An attacker can retrieve sensitive credential information, such as password hashes, TOTP secrets, and session tokens, by supplying...
Authorization Bypass Through User-Controlled Key
Overview langgraph is a Building stateful, multi-actor applications with LLMs Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to a key collision in the defaultcachekey and freeze functions of langgraph/internal/cache.py, where freeze reduce...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the tracked-time deletion process. An attacker can remove time tracking entries associated with issues they do not have permission to modify by specifying the time entry ID from anothe...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the tracked-time deletion process. An attacker can remove time tracking entries associated with issues they do not have permission to modify by specifying the time entry ID from anothe...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the email settings process. An attacker can modify another user's primary email address by sending crafted requests to the relevant endpoint. Remediation Upgrade...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the email settings process. An attacker can modify another user's primary email address by sending crafted requests to the relevant endpoint. Remediation Upgrade...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the LFS object reuse process. An attacker can gain unauthorized access to private source objects by leveraging repository access without having the required Code-unit permissions...