4 matches found
CVE-2026-59235
CVE-2026-59235 describes a missing authorization check in Prospero Flow CRM company_id)->get(), enabling any authenticated, low-privilege user to read all bank accounts within their company. The vulnerability exposes sensitive data (IBAN, SWIFT/BIC, account identifiers) without role/permission...
CVE-2026-59235 Missing authorization in Prospero Flow CRM allows low-privileged users to read all bank accounts
Missing Authorization CWE-862 in BankAccountListController app/Http/Controllers/Api/BankAccount/BankAccountListController.php, exposed at GET /api/bank-account, in Prospero Flow CRM companyid-get, performing only company scoping and no role or permission check before returning the data. This...
CVE-2026-59235
Missing Authorization CWE-862 in BankAccountListController app/Http/Controllers/Api/BankAccount/BankAccountListController.php, exposed at GET /api/bank-account, in Prospero Flow CRM companyid-get, performing only company scoping and no role or permission check before returning the data. This...
EUVD-2026-44608
Missing Authorization CWE-862 in BankAccountListController app/Http/Controllers/Api/BankAccount/BankAccountListController.php, exposed at GET /api/bank-account, in Prospero Flow CRM companyid-get, performing only company scoping and no role or permission check before returning the data. This...