7 matches found
PT-2026-43032
OutSystems Lifetime is vulnerable to Authorization Bypass Through User-Controlled Key in the ApplicationID parameter. Any authenticated user can read the Change Log containing actions performed by other users, as well as the application name of any application. This issue was fixed in...
CVE-2026-40252
CVE-2026-40252 affects the FastGPT AI Agent building platform. The flaw is a Broken Access Control (IDOR/BOLA) where, before version 4.14.10.4, an authenticated user from one team could access and execute applications belonging to another team by supplying a foreign appId. The root cause is that ...
EUVD-2019-19727
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the appid parameter. Attackers can send POST requests to deleteapplicationajax.php with crafted payloads to extract sensitive data, bypass...
EUVD-2022-32911
Malicious code in bioql PyPI...
CVE-2022-28467
Online Student Admission v1.0 was discovered to contain a SQL injection vulnerability via the txtapplicationID parameter...
TONGDA Office Anywhere SQL injection vulnerability
TONGDA Office Anywhere is a collaborative office OA system. A SQL injection vulnerability exists in TONGDA Office Anywhere 2017 11.6 and earlier versions, which stems from SQL injection of the parameter appid...
Discuz! DiscuzX cross-site scripting vulnerability (CNVD-2018-02842)
Discuz! DiscuzX is an online forum system. A cross-site scripting vulnerability exists in Discuz! DiscuzX X3.4. A remote attacker can exploit this vulnerability by sending the 'appid' parameter to the include\spacecp\spacecpspace.php file to inject arbitrary Web script or HTML...