Lucene search
K

8 matches found

CNVD
CNVD
added 2025/11/10 12:0 a.m.3 views

CanalDenuncia App Information Disclosure Vulnerability (CNVD-2025-30336)

CanalDenuncia App is a reporting channel application from CanalDenuncia Spain. An information disclosure vulnerability exists in CanalDenuncia App due to incorrect validation of the parameters iddenuncia and iduser authorization in /backend/api/buscarDocumentosByIdDenunciaUsuario.php. An attacker...

8.7CVSS6.2AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/07 12:49 p.m.8 views

CVE-2025-41111

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'iddenuncia' in '/backend/api/buscarComentariosByDenuncia.php'...

8.7CVSS6.7AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/07 12:49 p.m.13 views

CVE-2025-41341

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'iddenuncia' and 'seguro' in '/backend/api/buscarUsuarioByDenuncia.php'...

8.7CVSS6.7AI score0.0027EPSS
Exploits0References1
NVD
NVD
added 2025/11/04 1:15 p.m.6 views

CVE-2025-41114

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'iddenuncia' and 'iduser' in '/backend/api/buscarDocumentosByIdDenunciaUsuario.php'...

8.7CVSS0.0027EPSS
Exploits0References1
CVE
CVE
added 2025/11/04 1:10 p.m.13 views

CVE-2025-41114

CanalDenuncia.app is affected by a missing authorization vulnerability allowing an attacker to access other users’ information via a POST to /backend/api/buscarDocumentosByIdDenunciaUsuario.php with id_denuncia and id_user. The root cause is improper authorization validation for these parameters,...

8.7CVSS6.3AI score0.0027EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/11/04 1:10 p.m.9 views

CVE-2025-41113 Missing Authorization vulnerability in CanalDenuncia.app

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'iddenuncia' in '/backend/api/buscarDenunciaByPin.php'...

8.7CVSS0.0027EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.4 views

PT-2025-44995

Name of the Vulnerable Software and Affected Versions CanalDenuncia.app affected versions not specified Description A lack of authorization exists in CanalDenuncia.app, potentially allowing an attacker to access other users' information. This is achieved by sending a POST request through the id...

8.7CVSS6.4AI score0.0027EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.7 views

PT-2025-45005

Name of the Vulnerable Software and Affected Versions CanalDenuncia.app affected versions not specified Description A lack of authorization allows an attacker to access other users' information. This is achieved by sending a POST request through the parameters id tp denuncia and id sociedad in th...

8.7CVSS6.4AI score0.0027EPSS
Exploits0References3
Rows per page
Query Builder