14 matches found
CVE-2025-23202
Bible Module is a tool designed for ROBLOX developers to integrate Bible functionality into their games. The FetchVerse and FetchPassage functions in the Bible Module are susceptible to injection attacks due to the absence of input validation. This vulnerability could allow an attacker to...
EUVD-2025-37028
Kanova Android App version 1.0.27 package name com.karelane, developed by Karely L.L.C., contains improper access control vulnerabilities. Attackers may gain unauthorized access to user details and obtain group information, including entry codes, by manipulating API request parameters. Successful...
CVE-2025-29556
ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation process allows an...
CVE-2025-29556
ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation process allows an...
CVE-2025-29556
ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation process allows an...
CVE-2025-29556
ExaGrid EX10 vulnerable to Incorrect Access Control (CVE-2025-29556) in versions 6.3–7.0.1.P08. A flaw in the account creation flow allows an Admin to bypass restrictions via API request manipulation, enabling creation of Security Officer accounts without prior approval. Attack scenario: an Admin...
CVE-2025-3396
An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project owners to bypass group-level forking restrictions by manipulating API requests...
CVE-2025-3396
Removed by vendor...
PT-2025-29071 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 13.3 through 17.11.5 GitLab EE versions 18.0 through 18.0.3 GitLab EE versions 18.1 through 18.1.1 Description: An issue exists in GitLab EE that allows authenticated project owners to bypass group-level forking restriction...
CVE-2025-48953 Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads
Umbraco is an ASP.NET content management system CMS. Starting in version 14.0.0 and prior to versions 15.4.2 and 16.0.0, it's possible to upload a file that doesn't adhere with the configured allowable file extensions via a manipulated API request. The issue is patched in versions 15.4.2 and...
PT-2025-23653 · Umbraco · Umbraco
Name of the Vulnerable Software and Affected Versions: Umbraco versions 14.0.0 through 15.4.1 Description: The issue allows uploading a file that does not adhere to the configured allowable file extensions via a manipulated API request. The problem is resolved in versions 15.4.2 and 16.0.0...
CVE-2025-29996 Authentication Bypass Vulnerability in CAP back office application
This vulnerability exists in the CAP back office application due to improper implementation of OTP verification mechanism in its API based login. A remote attacker with valid credentials could exploit this vulnerability by manipulating API request URL/payload. Successful exploitation of this...
CVE-2025-23202
The CVE-2025-23202 entry concerns the Bible Module for ROBLOX. The vulnerable components are the FetchVerse and FetchPassage functions, which lack input validation, enabling injection attacks that could manipulate API request URLs and potentially lead to unauthorized access or data tampering. The...
Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets
CVE-2023-27163 !WARNING This is an educational projec...