
34 matches found

Github Security Blog
added 2026/04/08 3:31 p.m., 1 view

pretix: API leaks check-in data between events of the same organizer

A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those th...

CVSS 5.5, AI score 5.9, EPSS 0.00011
Exploits: 0, References: 3, Affected Software: 1
Malwarebytes
added 2026/03/05 10:54 a.m., 5 views

Supreme Court to decide whether geofence warrants are constitutional

Google has weighed in on a court case that will decide the future of a powerful but contentious tool for law enforcement. The company submitted an opinion to the US Supreme Court arguing that geofence warrants are unconstitutional. A geofence warrant is a form of "reverse warrant" that turns a...

AI score 5.8
Exploits: 0
RedhatCVE
added 2025/11/27 12:58 a.m., 3 views

CVE-2025-46175

Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java...

CVSS 7.5, AI score 6.7, EPSS 0.00043
Exploits: 0, References: 1
RedhatCVE
added 2025/11/27 12:58 a.m., 2 views

CVE-2025-46174

Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the resetPwd method of SysUserController.java...

CVSS 7.5, AI score 6.7, EPSS 0.00043
Exploits: 0, References: 1
NVD
added 2025/11/26 5:15 p.m., 2 views

CVE-2025-46175

Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java...

CVSS 7.5, EPSS 0.00043
Exploits: 0, References: 3
OSV
added 2025/11/26 5:15 p.m., 2 views

CVE-2025-46175

Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java...

CVSS 7.5, AI score 6.7
Exploits: 0, References: 3
OSV
added 2025/11/26 4:15 p.m., 1 view

CVE-2025-46174

Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the resetPwd method of SysUserController.java...

CVSS 7.5, AI score 6.7
Exploits: 0, References: 3
Vulnrichment
added 2025/11/26 12:00 a.m., 2 views

CVE-2025-46174

Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the resetPwd method of SysUserController.java...

AI score 6.3, EPSS 0.00043
Exploits: 0, References: 3
Positive Technologies
added 2025/11/26 12:00 a.m., 2 views

PT-2025-48151

Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java...

AI score 6.8, EPSS 0.00043
Exploits: 0, References: 4
CVE
added 2025/11/26 12:00 a.m., 8 views

CVE-2025-46175

Ruoyi v4.8.0 is reported vulnerable to Incorrect Access Control due to a missing checkUserDataScope permission check in the authRole method of SysUserController.java. The CVE entry (CVE-2025-46175) shows a high impact with CVSS v3.1 base score 7.5 (Network, Low complexity, No privileges required,...

CVSS 7.5, AI score 6.4, EPSS 0.00043
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2025/11/26 12:00 a.m., 2 views

CVE-2025-46175

Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java...

AI score 6.3, EPSS 0.00043
Exploits: 0, References: 3
Cvelist
added 2025/11/26 12:00 a.m., 4 views

CVE-2025-46175

Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java...

EPSS 0.00043
Exploits: 0, References: 3
OSV
added 2025/07/25 5:15 p.m., 3 views

CVE-2025-8161

A vulnerability classified as critical was found in deerwms deer-wms-2 up to 3.3. Affected by this vulnerability is an unknown functionality of the file /system/role/export. The manipulation of the argument paramsdataScope leads to SQL injection. The attack can be launched remotely. The exploit h...

CVSS 8.8, AI score 5.7
Exploits: 0, References: 4
OSV
added 2025/07/25 3:15 a.m., 0 views

CVE-2025-8126

A vulnerability classified as critical has been found in deerwms deer-wms-2 up to 3.3. This affects an unknown part of the file /system/user/export. The manipulation of the argument paramsdataScope leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been...

CVSS 8.8, AI score 5.7
Exploits: 0, References: 4
OSV
added 2025/07/25 12:15 a.m., 1 view

CVE-2025-8124

A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/unallocatedList. The manipulation of the argument paramsdataScope leads to SQL injection. The attack can be...

CVSS 8.8, AI score 5.7, EPSS 0.00223
Exploits: 1, References: 4
CNNVD
added 2025/07/25 12:00 a.m., 3 views

deer-wms-2 injection vulnerability

deer-wms-2 is an open-source warehouse management system from deerwms in China. deer-wms-2 3.3 and earlier versions have an injection vulnerability, which stems from incorrect handling of the parameter params dataScope in the file /system/dept/list, leading to SQL injection...

CVSS 8.8, AI score 6.9, EPSS 0.00223
Exploits: 1, References: 6
CNNVD
added 2025/07/25 12:00 a.m., 2 views

deer-wms-2 injection vulnerability

deer-wms-2 is an open-source warehouse management system from deerwms in China. The vulnerability exists in deerwms deer-wms-2 3.3 and earlier versions and stems from incorrect handling of the parameter paramsdataScope in the file /system/role/export, leading to SQL injection...

CVSS 8.8, AI score 6.8, EPSS 0.00223
Exploits: 1, References: 6
CNNVD
added 2025/07/25 12:00 a.m., 2 views

deer-wms-2 injection vulnerability

deer-wms-2 is an open-source warehouse management system from deerwms in China. The vulnerability exists in deerwms deer-wms-2 3.3 and earlier versions and stems from incorrect handling of the parameter paramsdataScope in the file /system/user/list, resulting in SQL injection...

CVSS 8.8, AI score 6.8, EPSS 0.00223
Exploits: 1, References: 6
OSV
added 2024/07/12 4:15 p.m., 2 views

CVE-2024-40542

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 1
OSV
added 2024/07/12 4:15 p.m., 2 views

CVE-2024-40540

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept...

CVSS 9.8, AI score 5.8, EPSS 0.00052
Exploits: 1, References: 1