Lucene search
K

148 matches found

CVE
CVE
added 2025/09/08 12:0 a.m.17 views

CVE-2025-52389

CVE-2025-52389 describes an Insecure Direct Object Reference (IDOR) in the application "Envasadora H2O Eireli - Soda Cristal" version v40.20.4 . The vulnerability allows authenticated attackers to access sensitive data belonging to other users through a crafted HTTP request. The issue’s CVSS v3.1...

8.8CVSS6.1AI score0.00394EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/04 8:14 a.m.4 views

CVE-2025-41030

Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to obtain information from other users via GET ‘/ajax/TInnovav2/IntegrantesRecursov21/llamadaAjax/buscarPersona’ using the ‘dni’ parameter...

6.9CVSS6.8AI score0.00307EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/02 12:0 a.m.4 views

T-INNOVA Deporsite 安全漏洞

T-INNOVA Deporsite is an application from T-INNOVA. A security vulnerability exists in T-INNOVA Deporsite that stems from a lack of authorization and could lead to obtaining information about other users via GET requests and dni parameters...

6.9CVSS6.4AI score0.00307EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/25 12:0 a.m.7 views

CVE-2025-45968

An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference IDOR vulnerability, which occurs due to a lack of proper authorization checks when accessing objects referenced by thi...

0.00584EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/08/25 12:0 a.m.3 views

CVE-2025-45968

An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference IDOR vulnerability, which occurs due to a lack of proper authorization checks when accessing objects referenced by thi...

6.7AI score0.00584EPSS
Exploits1References1
CVE
CVE
added 2025/08/25 12:0 a.m.21 views

CVE-2025-45968

Summary: CVE-2025-45968 affects System PDV v1.0 and is an IDOR vulnerability in the hash URL parameter that permits a remote attacker to access other users’ data or internal resources without proper authorization. The issue is consistently described across multiple sources (NVD, Red Hat, CVE List...

9.8CVSS6.7AI score0.00584EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-37389 Malicious code in twu-registered-users-data-service (npm)

The package twu-registered-users-data-service was found to contain malicious code...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 12:53 a.m.8 views

CVE-2022-41616

Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV.This issue affects Export Users Data CSV: from n/a through 2.1...

8.8CVSS8AI score0.0082EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:49 a.m.6 views

CVE-2022-46804

Improper Neutralization of Formula Elements in a CSV File vulnerability in Narola Infotech Solutions LLP Export Users Data Distinct.This issue affects Export Users Data Distinct: from n/a through 1.3...

8.8CVSS8.5AI score0.00802EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:23 p.m.4 views

CVE-2020-11464

An issue was discovered in Deskpro before 2019.8.0. The /api/people endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve sensitive information about all users registered on the system. This includes their full name, privilege, email address, phone number, etc...

6.5CVSS5.6AI score0.012EPSS
Exploits1References1
OSV
OSV
added 2025/04/15 10:15 p.m.4 views

CVE-2025-24850

An attacker can export other users' plant information...

6.9CVSS5.8AI score0.00322EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/15 12:0 a.m.5 views

PT-2025-16497

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description An attacker can export other users' plant information. This issue allows unauthorized access to sensitive data belonging to other users. Recommendations At the moment, there is no information...

6.9CVSS6.3AI score0.00322EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/03/26 12:0 a.m.6 views

Splunk 访问控制错误漏洞

Splunk is a suite of data collection and analysis software from Splunk, Inc. It is used to collect, index, and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines, and cloud. Splunk suffers from an Access Control Error...

6.5CVSS6.5AI score0.003EPSS
Exploits0References1
OSV
OSV
added 2025/03/24 4:15 p.m.3 views

CVE-2025-0256

HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function...

6.5CVSS5.8AI score0.00256EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/08 12:0 a.m.5 views

IBM DevOps Deploy 访问控制错误漏洞

IBM UrbanCode Deploy IBM UCD is a suite of application automation deployment tools from International Business Machines IBM. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the automation of complex applicatio...

6.5CVSS6.1AI score0.00268EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/01/27 12:0 a.m.4 views

IBM Sterling File Gateway 访问控制错误漏洞

IBM Sterling File Gateway is a file transfer software package from International Business Machines IBM. The software consolidates different centers of file transfer activity and facilitates the secure exchange of file-based data over the Internet. An access control error vulnerability exists in I...

4.3CVSS6.3AI score0.00229EPSS
Exploits0References1
OSV
OSV
added 2024/11/15 4:15 p.m.6 views

CVE-2024-50651

javashop 1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter...

6.5CVSS5.8AI score0.0049EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/11/04 12:0 a.m.3 views

PT-2024-34699 · Wave · Wave

Name of the Vulnerable Software and Affected Versions: Wave version 2.0 Description: The issue arises from insufficient encryption of sensitive data received at the API response, allowing an authenticated remote attacker to exploit it by manipulating API input parameters. This could lead to...

7.1CVSS6.4AI score0.00211EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/10/21 12:0 a.m.36 views

CVE-2024-41713

A vulnerability in the NuPoint Unified Messaging NPM component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the...

0.98067EPSS
Exploits3References1
OSV
OSV
added 2024/09/19 7:15 a.m.5 views

CVE-2024-47087

This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain parameters Client ID, DPID or BOID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive...

6.5CVSS5.8AI score0.00436EPSS
Exploits0References1
Rows per page
Query Builder