2 matches found
CVE-2025-40673
creationtimestamp| type| source ---|---|--- 2025-05-28 12:14:01+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqa6ilhy6pc2 2025-05-28 13:42:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lqadgi5exb2m...
CVE-2025-40673
CVE-2025-40673 describes a Missing Authorization vulnerability in DinoRANK, enabling access to any user’s invoices via the endpoint /facturas/YYYY-MM/SDRYYMM-XXXXX.pdf due to absent access control. The PDF filename can be learned through OSINT, insecure traffic, or brute force. Documented impact ...