148 matches found
CVE-2025-52389
CVE-2025-52389 describes an Insecure Direct Object Reference (IDOR) in the application "Envasadora H2O Eireli - Soda Cristal" version v40.20.4 . The vulnerability allows authenticated attackers to access sensitive data belonging to other users through a crafted HTTP request. The issue’s CVSS v3.1...
CVE-2025-41030
Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to obtain information from other users via GET ‘/ajax/TInnovav2/IntegrantesRecursov21/llamadaAjax/buscarPersona’ using the ‘dni’ parameter...
T-INNOVA Deporsite 安全漏洞
T-INNOVA Deporsite is an application from T-INNOVA. A security vulnerability exists in T-INNOVA Deporsite that stems from a lack of authorization and could lead to obtaining information about other users via GET requests and dni parameters...
CVE-2025-45968
An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference IDOR vulnerability, which occurs due to a lack of proper authorization checks when accessing objects referenced by thi...
CVE-2025-45968
An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference IDOR vulnerability, which occurs due to a lack of proper authorization checks when accessing objects referenced by thi...
CVE-2025-45968
Summary: CVE-2025-45968 affects System PDV v1.0 and is an IDOR vulnerability in the hash URL parameter that permits a remote attacker to access other users’ data or internal resources without proper authorization. The issue is consistently described across multiple sources (NVD, Red Hat, CVE List...
MAL-2025-37389 Malicious code in twu-registered-users-data-service (npm)
The package twu-registered-users-data-service was found to contain malicious code...
CVE-2022-41616
Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV.This issue affects Export Users Data CSV: from n/a through 2.1...
CVE-2022-46804
Improper Neutralization of Formula Elements in a CSV File vulnerability in Narola Infotech Solutions LLP Export Users Data Distinct.This issue affects Export Users Data Distinct: from n/a through 1.3...
CVE-2020-11464
An issue was discovered in Deskpro before 2019.8.0. The /api/people endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve sensitive information about all users registered on the system. This includes their full name, privilege, email address, phone number, etc...
CVE-2025-24850
An attacker can export other users' plant information...
PT-2025-16497
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description An attacker can export other users' plant information. This issue allows unauthorized access to sensitive data belonging to other users. Recommendations At the moment, there is no information...
Splunk 访问控制错误漏洞
Splunk is a suite of data collection and analysis software from Splunk, Inc. It is used to collect, index, and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines, and cloud. Splunk suffers from an Access Control Error...
CVE-2025-0256
HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function...
IBM DevOps Deploy 访问控制错误漏洞
IBM UrbanCode Deploy IBM UCD is a suite of application automation deployment tools from International Business Machines IBM. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the automation of complex applicatio...
IBM Sterling File Gateway 访问控制错误漏洞
IBM Sterling File Gateway is a file transfer software package from International Business Machines IBM. The software consolidates different centers of file transfer activity and facilitates the secure exchange of file-based data over the Internet. An access control error vulnerability exists in I...
CVE-2024-50651
javashop 1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter...
PT-2024-34699 · Wave · Wave
Name of the Vulnerable Software and Affected Versions: Wave version 2.0 Description: The issue arises from insufficient encryption of sensitive data received at the API response, allowing an authenticated remote attacker to exploit it by manipulating API input parameters. This could lead to...
CVE-2024-41713
A vulnerability in the NuPoint Unified Messaging NPM component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the...
CVE-2024-47087
This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain parameters Client ID, DPID or BOID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive...