Lucene search
K

4 matches found

CVE
CVE
added 9 hours ago6 views

CVE-2026-59235

CVE-2026-59235 describes a missing authorization check in Prospero Flow CRM company_id)->get(), enabling any authenticated, low-privilege user to read all bank accounts within their company. The vulnerability exposes sensitive data (IBAN, SWIFT/BIC, account identifiers) without role/permission...

8.7CVSS6.2AI score
Exploits0References3
Cvelist
Cvelist
added 9 hours ago9 views

CVE-2026-59235 Missing authorization in Prospero Flow CRM allows low-privileged users to read all bank accounts

Missing Authorization CWE-862 in BankAccountListController app/Http/Controllers/Api/BankAccount/BankAccountListController.php, exposed at GET /api/bank-account, in Prospero Flow CRM companyid-get, performing only company scoping and no role or permission check before returning the data. This...

8.7CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 9 hours ago6 views

CVE-2026-59235

Missing Authorization CWE-862 in BankAccountListController app/Http/Controllers/Api/BankAccount/BankAccountListController.php, exposed at GET /api/bank-account, in Prospero Flow CRM companyid-get, performing only company scoping and no role or permission check before returning the data. This...

8.7CVSS6.2AI score
Exploits0References4Affected Software1
EUVD
EUVD
added 9 hours ago4 views

EUVD-2026-44608

Missing Authorization CWE-862 in BankAccountListController app/Http/Controllers/Api/BankAccount/BankAccountListController.php, exposed at GET /api/bank-account, in Prospero Flow CRM companyid-get, performing only company scoping and no role or permission check before returning the data. This...

8.7CVSS6.2AI score
Exploits0References3
Rows per page
Query Builder