Lucene search
K

6 matches found

EUVD
EUVD
added 2026/07/06 8:48 a.m.9 views

EUVD-2026-41860

An authenticated user could manipulate a company ID parameter in a POST request to the backend to gain unauthorised access to other companies hosted within the same subdomain environment. The application does not adequately verify whether the requested company ID belongs to the authenticated user...

9.3CVSS5.9AI score0.00309EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 7:9 p.m.6 views

CVE-2026-57521

Bitwarden Server before 2026.5.0 contains a broken access control vulnerability that allows any authenticated user to access arbitrary organization billing data by supplying an arbitrary organizationId to the PreviewInvoiceController endpoints without membership or authorization checks. Attackers...

5.3CVSS6AI score0.00248EPSS
Exploits1References6
EUVD
EUVD
added 2026/06/25 7:9 p.m.7 views

EUVD-2026-39542

Bitwarden Server before 2026.5.0 contains a broken access control vulnerability that allows any authenticated user to access arbitrary organization billing data by supplying an arbitrary organizationId to the PreviewInvoiceController endpoints without membership or authorization checks. Attackers...

5.3CVSS6AI score0.00248EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/06/06 3:28 a.m.9 views

CVE-2026-8611 Klamra Paycal for Aspaclaria <= 1.1.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Exposure via 'invoice_id' Parameter

The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoiceid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS5.6AI score0.00234EPSS
Exploits0References8
CVE
CVE
added 2026/03/11 8:48 p.m.15 views

CVE-2026-32122

OpenEMR (Claim File Tracker UI/AJAX Endpoint) exposes billing claim metadata to authenticated users lacking proper billing permissions prior to version 8.0.0.1 due to missing authorization on the Claim File Tracker endpoint. This is fixed in 8.0.0.1. The vulnerability stems from ACLs not matching...

4.3CVSS5.8AI score0.00229EPSS
Exploits1References1Affected Software1
Hacker One
Hacker One
added 2019/02/26 6:2 a.m.14 views

New Relic: Restricted user can view all account invoices, payment method details, PII of account owner through zoura_api endpoints

Around November of last year you switched to using Zoura https://www.zuora.com/ to handle your New Relic customer subscriptions. As a restricted user without administrative privileges, I am unable to view and data associated with the billing page https://rpm.newrelic.com/accounts/1523936/payments...

6.7AI score
Exploits0
Rows per page
Query Builder