Lucene search

21 matches found

CVE
added 2026/05/12 12:00 a.m. · 7 views

CVE-2026-31215

The CVE-2026-31215 issue affects Nexent v1.7.5.2, where the ElasticSearch service interface exposes an unauthorized DELETE /{index_name}/documents endpoint. The vulnerability arises from missing authentication/authorization and lack of validation for the path_or_url parameter, enabling unauthenti...

CVSS 9.1 · AI score 5.9 · EPSS 0.00399
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2026/05/12 12:00 a.m. · 5 views

CVE-2026-31215

The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion vulnerability in its ElasticSearch service interface. The DELETE /{index_name}/documents endpoint lacks proper authentication and authorization controls and does not validate the user-supplied path_or_url parameter...

AI score 5.9 · EPSS 0.00399
Exploits 0 · References 2
NVD
added 2026/05/11 10:22 p.m. · 6 views

CVE-2026-43889

Outline is a service that allows for collaborative documentation. Prior to 1.7.0, the shares.create API accepts both collectionId and documentId simultaneously and, when published=false, only verifies read access for each—skipping the "share" permission check. A subsequent shares.update authorize...

CVSS 6.5 · EPSS 0.00044
Exploits 0 · References 1
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2008-2223

Malware in sbrugna...

CVSS 5 · AI score 6.4 · EPSS 0.00319
Exploits 0 · References 5
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2015-0946

Malware in sbrugna...

CVSS 5 · AI score 6.4 · EPSS 0.0022
Exploits 0 · References 3
Tenable Nessus
added 2025/08/27 12:00 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-23203

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF...

CVSS 7.5 · AI score 7.3 · EPSS 0.0028
Exploits 0 · References 2
CNNVD
added 2024/03/27 12:00 a.m. · 2 views

Elasticsearch Security Vulnerability

Elasticsearch is a search engine based on the Lucene library. A security vulnerability exists in Elasticsearch versions prior to 8.13.0 that stems from an incorrect authorization issue in the API key-based security model, allowing an attacker with a remote cluster API key to read arbitrary...

CVSS 6.5 · AI score 6.2 · EPSS 0.00341
Exploits 0 · References 4
Veracode
added 2023/07/07 2:48 a.m. · 16 views

Improper Access Control

Odoo is vulnerable to Improper Access Control. This vulnerability exists in the 'reporting engine' due to its failure to properly validate user requests, which allows an attacker to download PDF reports for arbitrary documents via crafted requests...

CVSS 7.5 · AI score 6.9 · EPSS 0.0028
Exploits 0 · References 3 · Affected Software 1
OSV
added 2023/04/25 7:15 p.m. · 1 views

DEBIAN-CVE-2021-23203

Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests...

CVSS 7.5 · AI score 8 · EPSS 0.0028
Exploits 0 · References 1
OSV
added 2023/04/25 7:15 p.m. · 0 views

UBUNTU-CVE-2021-23203

Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests...

CVSS 7.5 · AI score 7.4 · EPSS 0.0028
Exploits 0 · References 3
CNNVD
added 2023/04/25 12:00 a.m. · 2 views

Odoo Security Vulnerability

Odoo is a set of enterprise resource planning (ERP) and customer relationship management (CRM) system from Odoo Belgium. The system is developed in Python, with PostgreSQL as the database, and includes modules for sales management, inventory management, and financial management. A security...

CVSS 7.5 · AI score 7.8 · EPSS 0.0028
Exploits 0 · References 5
Positive Technologies
added 2023/04/25 12:00 a.m. · 2 views

PT-2023-12049 · Odoo · Odoo Community +1

Name of the Vulnerable Software and Affected Versions: Odoo Community versions 14.0 through 15.0 Odoo Enterprise versions 14.0 through 15.0 Description: The issue is related to improper access control in the reporting engine, allowing remote attackers to download PDF reports for arbitrary documen...

CVSS 8.7 · AI score 6.3 · EPSS 0.31815
Exploits 0 · References 27
Cvelist
added 2021/03/02 2:45 a.m. · 13 views

CVE-2021-21320 User content sandbox can be confused into opening arbitrary documents

matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a blob origin that cannot access Matrix user data, so...

CVSS 2.6 · AI score 4.9 · EPSS 0.00179
Exploits 0 · References 4
Prion
added 2015/04/17 1:59 a.m. · 14 views

Code injection

search.php on the Blue Coat Malware Analysis appliance with software before 4.2.4.20150312-RELEASE allows remote attackers to bypass intended access restrictions, and list or read arbitrary documents, by providing matching keywords in conjunction with a crafted parameter...

CVSS 5 · AI score 7.3 · EPSS 0.0022
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2015/04/17 1:00 a.m. · 16 views

CVE-2015-0938

search.php on the Blue Coat Malware Analysis appliance with software before 4.2.4.20150312-RELEASE allows remote attackers to bypass intended access restrictions, and list or read arbitrary documents, by providing matching keywords in conjunction with a crafted parameter...

AI score 6.7 · EPSS 0.0022
Exploits 0 · References 2
Prion
added 2008/05/14 6:20 p.m. · 10 views

Information disclosure

Unspecified vulnerability in the export feature in OpenKM before 2.0 allows remote attackers to export arbitrary documents via unspecified vectors. NOTE: some of these details are obtained from third party information...

CVSS 5 · AI score 7.3 · EPSS 0.00319
Exploits 0 · References 4 · Affected Software 1
Prion
added 2007/09/14 12:17 a.m. · 16 views

Code injection

The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 associates the doc variable with the entire document content and metadata regardless of a user's view rights, which allows remote authenticated users to read arbitrary documents via a custom skin that prints the content attribu...

CVSS 3.5 · AI score 6.7 · EPSS 0.00062
Exploits 0 · References 2 · Affected Software 1
NVD
added 2007/04/24 8:19 p.m. · 20 views

CVE-2007-2135

The ADIBINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FNDDOCUMENTS table via the ADIDISPLAYREPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is relat...

CVSS 7.8 · AI score 6.1 · EPSS 0.00984
Exploits 0 · References 6
Prion
added 2007/04/24 8:19 p.m. · 23 views

Code injection

The ADIBINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FNDDOCUMENTS table via the ADIDISPLAYREPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is relat...

CVSS 7.8 · AI score 6.4 · EPSS 0.01925
Exploits 0 · References 6
NVD
added 1999/01/01 5:00 a.m. · 7 views

CVE-1999-0564

An attacker can force a printer to print arbitrary documents (e.g. if the printer doesn't require a password) or to become disabled...

CVSS 10 · AI score 6.6 · EPSS 0.00483
Exploits 0 · References 1