PT-2025-50207
Name of the Vulnerable Software and Affected Versions: OpenSIS versions 9.2 and below. Description: An issue exists in OpenSIS that relates to incorrect access control within the Student.php component. An authenticated user with limited privileges can perform unauthorized database write operations...
CVE-2025-65594
OpenSIS 9.2 and below is vulnerable to Incorrect Access Control in Student.php, which allows an authenticated low-privilege user to perform unauthorized database write operations relating to the data of other users...
PT-2025-48641
The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.19. This is due to missing or incorrect nonce validation on the parseData function. This makes it possible for unauthenticated attackers...
CVE-2025-55471
Incorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers to access sensitive information for other users...
CanalDenuncia App Information Disclosure Vulnerability (CNVD-2025-30334)
CanalDenuncia App is a reporting channel application from CanalDenuncia Spain. The CanalDenuncia App suffers from an information disclosure vulnerability caused by incorrect authorization validation of parameters id and idsociedad in /api/buscarEmpresaById.php. An attacker can use this...
CVE-2025-62721
LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, authenticated RSS feed endpoints in the FeedController class fail to implement proper authorization checks, allowing any authenticated user to access all links, lists, and tags from all users in the system,...
CVE-2025-41339
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'idsociedad' in '/backend/api/buscarTipoDenuncia.php'...
CVE-2025-41345
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'iddenuncia' and 'iduser' in '/backend/api/buscarDenunciasById.php'...
CVE-2025-41336
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros.php'...
EUVD-2025-37742
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'iddenuncia' and 'iduser' in '/backend/api/buscarDenunciasById.php'...
CVE-2025-41345
CVE-2025-41345 describes a missing authorization vulnerability in CanalDenuncia.app. An attacker can access other users’ information by sending a POST to /backend/api/buscarDenunciasById.php with parameters id_denuncia and id_user. Multiple sources (Red Hat, NVD/CNA, CIRCL, CNNVD, etc.) corrobora...
EUVD-2025-37743
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'idarchivo' in '/backend/api/verArchivo.php'...
CVE-2025-41344
CVE-2025-41344 affects CanalDenuncia.app. The issue is a lack of authorization in the /backend/api/verArchivo.php endpoint, where a POST containing id_archivo can disclose other users’ information. Affected component: CanalDenuncia.app; vulnerable operation: POST to verArchivo.php with id_archivo...
CVE-2025-41343 Missing Authorization vulnerability in CanalDenuncia.app
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'email' in '/backend/api/users/searchUserByEmail.php'...
CVE-2025-41342 Missing Authorization vulnerability in CanalDenuncia.app
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'iduser' in '/backend/api/buscarUsuarioId.php'...
CVE-2025-41342
CVE-2025-41342 involves CanalDenuncia.app with a missing authorization check that allows an attacker to access other users’ data by sending a POST to the endpoint /backend/api/buscarUsuarioId.php using the id_user parameter. This is a direct confidentiality impact (HIGH) described across multiple...
EUVD-2025-37747
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'idtpdenuncia' and 'idsociedad' in '/backend/api/buscarTipoDenunciabyId.php'...
CVE-2025-41113
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'iddenuncia' in '/backend/api/buscarDenunciaByPin.php'...