EUVD-2026-27864
A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed. This vulnerability existed...
CVE-2025-69752
An issue in the "My Details" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profile information by modifying the objectKey HTTP parameter in the My Details page URL...
Broken Access Control
Indico is vulnerable to Broken Access Control. The vulnerability is due to improper authorization logic that fails to verify the caller's privileges, allowing attackers to invoke the API and obtain profile details of other users without admin permissions...
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization due to improper authorization checks on the Host parameter. An attacker can view profile information of other users by manipulating the Host parameter. Remediation: Upgrade leantime/leantime to version 3.3 or higher...