4 matches found
EUVD-2026-39990
A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such manipulation of the argument docid leads to authorization bypass. The attack can be...
CVE-2026-13490
A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such manipulation of the argument docid leads to authorization bypass. The attack can be...
CVE-2026-8205 Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in Calendar Block since action_get_events does not check canView on the calendar
Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since actiongetevents does not check canView on the calendar which results in restricted event details being disclosed. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...
PT-2024-23108 · Silverstripe · Silverstripe/Reports
Name of the Vulnerable Software and Affected Versions: silverstripe/reports versions prior to 5.2.3 Description: The issue allows reports to be accessed by their direct URL by any user who has access to view the reports admin section, even if the canView method for that report returns false...