Lucene search
K

9 matches found

Snyk
Snyk
added 2026/04/14 1:7 a.m.4 views

Authorization Bypass Through User-Controlled Key

Overview fatfreecrm is a customer relationship management platform. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the destroy action in app/controllers/emailscontroller.rb. An attacker can delete another user’s email record by sending...

4.2CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/14 1:7 a.m.10 views

Fat Free CRM has BOLA in DELETE /emails/:id - Any authenticated user can hit this endpoint and delete emails by ID

Impact Authenticated users can delete emails imported into the system assigned to another user; where the Email Dropbox is in use. Patches Fixed in v0.26.0 Workarounds Disable use of email dropbox...

5.8AI score
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.5 views

PT-2026-28385

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.6 Description Open WebUI is an artificial intelligence platform designed for offline operation. A missing access control check when deleting files from a knowledge base allows a user with write access to a...

5.4CVSS6AI score0.00252EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/02/18 12:0 a.m.4 views

CVE-2025-70150

CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in deletemembers.php that allows unauthenticated attackers to delete arbitrary member records via the id parameter...

9.8CVSS5.8AI score0.00571EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/18 12:0 a.m.3 views

CVE-2025-70150

CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in deletemembers.php that allows unauthenticated attackers to delete arbitrary member records via the id parameter...

9.8CVSS5.8AI score0.00571EPSS
Exploits1References3
CVE
CVE
added 2026/02/18 12:0 a.m.11 views

CVE-2025-70150

CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in delete_members.php that allows unauthenticated attackers to delete arbitrary member records via the id parameter. The CVE-2025-70150 entry uses a network-exposed, unauthenticated path with high impact to...

9.8CVSS5.8AI score0.00571EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/12/05 5:56 p.m.21 views

CVE-2025-66556 Nextcloud talk allows participants to blindly delete poll drafts of other users by ID

Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2...

3.5CVSS0.00214EPSS
Exploits0References4
Nextcloud
Nextcloud
added 2025/12/05 7:52 a.m.9 views

Participants were able to blindly delete poll drafts of other users by ID

None...

4.3CVSS5.2AI score0.00214EPSS
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2025/07/11 9:34 a.m.9 views

Nextcloud: Participants were able to blindly delete poll drafts of other users by ID

Participants were able to blindly delete poll drafts of other users by ID...

4.3CVSS6.9AI score0.00214EPSS
Exploits0
Rows per page
Query Builder