28 matches found
CVE-2026-23843 teklifolustur_app's IDOR vulnerability allows unauthorized access to other users' offers
teklifolusturapp is a web-based PHP application that allows users to create, manage, and track quotes for their clients. Prior to commit dd082a134a225b8dcd401b6224eead4fb183ea1c, an Insecure Direct Object Reference (IDOR) vulnerability exists in the offer view functionality. Authenticated users can...
EUVD-2025-11472
Malicious code in bioql PyPI...
EUVD-2025-24210
Malicious code in bioql PyPI...
EUVD-2022-41729
Malicious code in bioql PyPI...
EUVD-2025-23289
Malicious code in bioql PyPI...
EUVD-2023-36951
Malicious code in bioql PyPI...
CVE-2025-42945
SAP NetWeaver Application Server ABAP has an HTML injection vulnerability. Because of this, an attacker could craft a URL with a malicious script as payload and trick a victim with an active user session into executing it. Upon successful exploitation, this vulnerability could lead to limited access to data or it...
[SECURITY] Fedora 42 Update: udisks2-2.10.90-3.fc42
The Udisks project provides a daemon, tools and libraries to access and manipulate disks, storage devices and technologies...
CVE-2024-45308
HedgeDoc is an open source, real-time, collaborative, markdown notes application. When using HedgeDoc 1 with MySQL or MariaDB, it is possible to create notes with an alias matching the ID of existing notes. The affected existing note can then not be accessed anymore and is effectively hidden by t...
CVE-2025-32950
Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, attackers could manipulate the FileRef parameter to access files on the system where the Jmix application is deployed, provided the application server...
CVE-2024-12880
The CVE-2024-12880 entry concerns infiniflow/ragflow (RAGFlow-0.13.0) with a vulnerability in tenant ID handling that enables partial account takeover. If a user has access to multiple tenants, they can manipulate tenant access to query and obtain other tenants’ API tokens via endpoints: /v1/syst...
Insecure Direct Object Reference (IDOR)
Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to insufficient access control. Specifically, the application does not properly validate or restrict a user's access to resources based on their identity, allowing them to manipulate parameters like...
CVE-2023-38051 A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} in EasyAppointments < 1.5.0
A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low-privileged user to fetch, modify or delete a low-privileged user (secretary). This results in unauthorized access and unauthorized data manipulation...
CVE-2023-38048
CVE-2023-38048 affects Easy!Appointments (older releases) via a BOLA vulnerability in GET, PUT, DELETE /providers/{providerId}, enabling a low-privileged user to fetch, modify, or delete a privileged provider account. The vulnerability is described consistently across sources as an insecure autho...
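The IDOR and BOLA entries above (teklifolustur_app, Oqtane, Easy!Appointments, and the RAGFlow tenant-scoping issue) all reduce to the same defect: a handler looks up an object by the identifier in the request and never checks that the authenticated principal is allowed to touch it. The following is an added, self-contained example (not code from any of the projects listed) that puts the vulnerable lookup beside the owner-scoped fix for both a read and a delete, and includes the kind of id-sweep an attacker would run to confirm the bug. Table, column and function names, and the two sample offers, are constructed for the illustration.

```python
import sqlite3

# Constructed sample data: offer ids are sequential and guessable,
# and each offer belongs to exactly one user.
SAMPLE_OFFERS = [
    (1, 101, "Quote for Acme: 1200 EUR"),
    (2, 202, "Quote for Globex: 9800 EUR"),
]


def build_db():
    """In-memory SQLite database standing in for the application's store."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE offers (id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL, body TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO offers VALUES (?, ?, ?)", SAMPLE_OFFERS)
    conn.commit()
    return conn


def view_offer_vulnerable(conn, current_user_id, offer_id):
    # IDOR / BOLA: the query is keyed only on the id from the request.
    # current_user_id is accepted but never used, so any authenticated
    # user can read any offer by supplying another id.
    return conn.execute(
        "SELECT id, owner_id, body FROM offers WHERE id = ?", (offer_id,)
    ).fetchone()


def view_offer_fixed(conn, current_user_id, offer_id):
    # Object-level authorization: scope the lookup to the caller. The
    # database cannot return a row the caller does not own, and "not yours"
    # is indistinguishable from "does not exist" (no existence oracle).
    return conn.execute(
        "SELECT id, owner_id, body FROM offers WHERE id = ? AND owner_id = ?",
        (offer_id, current_user_id),
    ).fetchone()


def delete_offer_vulnerable(conn, current_user_id, offer_id):
    # Same defect on a mutating verb (the DELETE /{id} case in the BOLA
    # entries): returns True if a row was removed, whoever owned it.
    cur = conn.execute("DELETE FROM offers WHERE id = ?", (offer_id,))
    conn.commit()
    return cur.rowcount == 1


def delete_offer_fixed(conn, current_user_id, offer_id):
    # Ownership is part of the WHERE clause, so a non-owner's request
    # affects zero rows instead of needing a separate check that can be
    # forgotten on one of GET / PUT / DELETE.
    cur = conn.execute(
        "DELETE FROM offers WHERE id = ? AND owner_id = ?",
        (offer_id, current_user_id),
    )
    conn.commit()
    return cur.rowcount == 1


def sweep_ids(view_fn, conn, current_user_id, id_range):
    """Attacker-style check: which ids does this handler reveal to the caller?

    Returns the sorted list of offer ids whose body came back. On a correct
    handler the list contains only the caller's own offers.
    """
    leaked = []
    for offer_id in id_range:
        if view_fn(conn, current_user_id, offer_id) is not None:
            leaked.append(offer_id)
    return sorted(leaked)


if __name__ == "__main__":
    db = build_db()
    # User 101 owns offer 1 only; sweep ids 1..5 through both handlers.
    print("vulnerable leaks:", sweep_ids(view_offer_vulnerable, db, 101, range(1, 6)))
    print("fixed leaks:     ", sweep_ids(view_offer_fixed, db, 101, range(1, 6)))
```

Pushing the ownership predicate into the query (rather than fetching by id and comparing afterwards) is the habit that keeps all three verbs consistent; a post-fetch check is easy to add to GET and forget on PUT or DELETE, which is exactly the pattern the Easy!Appointments entries describe.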
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition and Community Edition. A malicious party could exploit them to cause a denial of service, gain access to and manipulate system data, or launch a Server-Side Request Forgery (SSRF) exploit. Such an attack can lead to execution of...
PT-2023-6852 · Unknown · Pt-G503 Series
Name of the Vulnerable Software and Affected Versions: PT-G503 Series versions prior to v5.2. Description: A vulnerability has been identified where the session cookie attributes are not set properly in the affected application, potentially exposing user session data to unauthorized access and...
Improper Input Validation
OpenJDK is vulnerable to Improper Input Validation. An attacker can gain unauthorized update, insert or delete access to some of the data accessible to Oracle Java SE and Oracle GraalVM Enterprise Edition through multiple protocols...
Amazon Linux 2 : containerd (ALASDOCKER-2023-023)
The version of containerd installed on the remote host is prior to 1.6.19-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2023-023 advisory. containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user c...
CVE-2022-32528
The CVE-2022-32528 entry concerns Schneider Electric IGSS Data Server (IGSSdataServer.exe) prior to version V15.0.0.22170. The issue is a CWE-306 Missing Authentication for Critical Function vulnerability that could allow an attacker to manipulate and read files in the IGSS project report directo...
EXFO BV-10 Authorization Issue Vulnerability
The EXFO BV-10 is a low-cost, easy-to-configure, purpose-built, intelligent performance endpoint device from EXFO Canada. A security vulnerability exists in the EXFO BV-10 that stems from an authentication bypass: a user can manually manipulate access to enable authentication bypas...