13 matches found

NVD
added 2025/12/05 3:15 p.m. · 3 views

CVE-2025-14088

A vulnerability was determined in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is an unknown functionality of the file /je/load. This manipulation of the argument Authorization causes improper authorization. The attack is possible to be carried out remotely. The exploit has been public...

CVSS 6.5 · EPSS 0.00045
Exploits 0 · References 4
EUVD
added 2025/10/05 6:30 a.m. · 2 views

EUVD-2025-32447

A vulnerability has been found in Zytec Dalian Zhuoyun Technology Central Authentication Service 3. Affected by this vulnerability is an unknown functionality of the file /index.php/auth/Ops/git of the component HTTP Header Handler. The manipulation of the argument Authorization leads to use of...

CVSS 7.5 · AI score 6.2 · EPSS 0.00061
Exploits 0 · References 5
CVE
added 2025/08/13 6:14 a.m. · 22 views

CVE-2025-8760

CVE-2025-8760 analysis (INSTAR 2K+/4K): A buffer overflow in the fcgi_server component (base64_decode) is triggered by manipulating the Authorization argument, allowing remote exploitation in INSTAR 2K+ and 4K, version 3.11.1 Build 1124. Several sources (e.g., Red Hat entry, CVE lists, PT-Securit...

CVSS 10 · AI score 7.4 · EPSS 0.00279
Exploits 0 · References 3
Positive Technologies
added 2025/08/13 12:0 a.m. · 2 views

PT-2025-32968 · Dinstar · Instar 2K+ +1

Name of the Vulnerable Software and Affected Versions: INSTAR 2K+ and 4K version 3.11.1 Build 1124 Description: A buffer overflow issue exists in the fcgi server component due to the manipulation of the Authorization argument within the base64 decode function. This allows for remote exploitation ...

CVSS 10 · AI score 9.7 · EPSS 0.00279
Exploits 0 · References 10
RedhatCVE
added 2025/05/23 11:38 a.m. · 7 views

CVE-2025-0580

A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?route=extension/module/restapi=getOrders of the component REST API Module. The manipulation of the argument contentHash leads to...

CVSS 6.3 · AI score 6.7 · EPSS 0.00109
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 7:50 a.m. · 4 views

CVE-2024-11073

A vulnerability classified as problematic has been found in SourceCodester Hospital Management System 1.0. This affects an unknown part of the file /vm/patient/delete-account.php. The manipulation of the argument id leads to improper authorization. It is possible to initiate the attack remotely...

CVSS 8.1 · AI score 7 · EPSS 0.0016
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 4:27 a.m. · 5 views

CVE-2023-44154

Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 Linux, Windows before build 35979...

CVSS 8.1 · AI score 6.6 · EPSS 0.00251
Exploits 0
RedhatCVE
added 2025/04/29 11:10 a.m. · 14 views

CVE-2025-3967

A vulnerability was found in itwanger paicoding 1.0.3. It has been classified as critical. This affects an unknown part of the file /article/api/post of the component Article Handler. The manipulation of the argument articleId leads to improper authorization. It is possible to initiate the attack...

CVSS 5.5 · AI score 7 · EPSS 0.0027
Exploits 1 · References 1
OSV
added 2025/04/12 8:5 a.m. · 7 views

BIT-GITLAB-2025-0362 Improper Restriction of Rendered UI Layers or Frames in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 7.7 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions, an attacker could potentially trick users into unintentionally authorizing sensitive actions on their behalf...

CVSS 6.5 · AI score 6 · EPSS 0.00052
Exploits 0 · References 3
OSV
added 2025/03/23 2:15 a.m. · 2 views

CVE-2025-2638

A vulnerability, which was classified as problematic, was found in JIZHICMS up to 1.7.0. This affects an unknown part of the file /user/release.html of the component Article Handler. The manipulation of the argument ishot with the input 1 leads to improper authorization. It is possible to initiat...

CVSS 5.3 · AI score 7.1
Exploits 0 · References 4
CVE
added 2025/03/11 12:34 a.m. · 46 views

CVE-2025-25244

CVE-2025-25244 affects SAP Business Warehouse (Process Chains). The vulnerability arises from a missing authorization check that allows an attacker with display authorization for a process chain object to set one or more processes to be skipped, causing data loading, activation, or deletion steps...

CVSS 5.7 · AI score 7.1 · EPSS 0.00122
Exploits 0 · References 2
CVE
added 2025/01/20 2:31 a.m. · 93 views

CVE-2025-0580

CVE-2025-0580 affects Shiprocket Module 3 on OpenCart. The vulnerability resides in the REST API Module’s file path /index.php?route=extension/module/rest_api&action=getOrders, where manipulating the contentHash argument leads to incorrect authorization. It is described as remotely exploitable wi...

CVSS 6.3 · AI score 5.5 · EPSS 0.00109
Exploits 0 · References 4
Code423n4
added 2022/08/07 12:0 a.m. · 8 views

Malicious targets can manipulate MIMOProxy permissions

Lines of code Vulnerability details The MIMOProxy contract stores per-caller, per-target, per-selector permissions in a nested internal mapping. MIMOProxy.solL21: /// INTERNAL STORAGE /// /// @notice Maps envoys to target contracts to function selectors to boolean flags. mappingaddress =...

AI score 7
Exploits 0