144 matches found
CVE-2025-45968
An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference (IDOR) vulnerability, which occurs due to a lack of proper authorization checks when accessing objects referenced by thi...
MAL-2025-37389 Malicious code in twu-registered-users-data-service (npm)
The package twu-registered-users-data-service was found to contain malicious code...
CVE-2022-41616
Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV. This issue affects Export Users Data CSV: from n/a through 2.1...
CVE-2022-46804
Improper Neutralization of Formula Elements in a CSV File vulnerability in Narola Infotech Solutions LLP Export Users Data Distinct. This issue affects Export Users Data Distinct: from n/a through 1.3...
CVE-2020-11464
An issue was discovered in Deskpro before 2019.8.0. The /api/people endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve sensitive information about all users registered on the system. This includes their full name, privilege, email address, phone number, etc...
CVE-2025-24850
An attacker can export other users' plant information...
PT-2025-16497
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An attacker can export other users' plant information. This issue allows unauthorized access to sensitive data belonging to other users. Recommendations: At the moment, there is no information...
Splunk Access Control Error Vulnerability
Splunk is a suite of data collection and analysis software from Splunk, Inc. It is used to collect, index, and analyze the data it generates, including data generated by all IT systems and infrastructures (physical, virtual machines, and cloud). Splunk suffers from an Access Control Error...
CVE-2025-0256
HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function...
IBM DevOps Deploy Access Control Error Vulnerability
IBM UrbanCode Deploy (IBM UCD) is a suite of application automation deployment tools from International Business Machines (IBM). The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the automation of complex applicatio...
IBM Sterling File Gateway Access Control Error Vulnerability
IBM Sterling File Gateway is a file transfer software package from International Business Machines (IBM). The software consolidates different centers of file transfer activity and facilitates the secure exchange of file-based data over the Internet. An access control error vulnerability exists in I...
CVE-2024-50651
javashop 1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter...
PT-2024-34699 · Wave · Wave
Name of the Vulnerable Software and Affected Versions: Wave version 2.0 Description: The issue arises from insufficient encryption of sensitive data in the API response, allowing an authenticated remote attacker to exploit it by manipulating API input parameters. This could lead to...
CVE-2024-41713
A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the...
CVE-2024-47087
This vulnerability exists in Apex Softcell LD Geo due to improper validation of certain parameters (Client ID, DPID or BOID) in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body, leading to exposure of sensitive...
CVE-2024-45787
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in plain text in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through the API request URL and intercepting the response of the AP...
CVE-2024-45786
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on certain of its API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through the API request URL, which could lead to unauthorized access to sensitive...
Open Source Medicine Ordering System 1.0 SQL Injection
Exploit Title : Open Source Medicine Ordering System v1.0 - SQLi Author : Onur Karasalihoğlu Date : 27/02/2024 Sample Usage % python3 omossqliexploit.py https://target.com Available Databases: 1. informationschema 2. omosdb Please select a database to use enter number: 2 You selected: omosdb...
CU Solutions Group Content Management System Security Vulnerability
CU Solutions Group Content Management System (CUSG CMS) is a content management system from CU Solutions Group, Inc. A security vulnerability exists in CU Solutions Group Content Management System versions prior to v.7.75. A remote attacker can use this vulnerability to execute arbitrary code,...