7 matches found
CVE-2025-69727
CVE-2025-69727 affects INDEX-EDUCATION PRONOTE
CVE-2025-66290
OrangeHRM CVE-2025-66290 affects versions 5.0–5.7. The recruitment attachment retrieval endpoint does not enforce authorization checks, allowing any authenticated user (even with ESS-level access) to access candidate attachments. The endpoint validates the session but does not verify recruitment ...
CVE-2025-64705
Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, users were able to access the submissions made by other students. The issue has been fixed in version 2.41.0 by ensuring proper roles and redirecting if accessed vi...
Improper Authorization
Overview dolibarr/dolibarr is a modern and easy to use web software to manage your business. Affected versions of this package are vulnerable to Improper Authorization via direct URL access. An attacker can view sensitive reception details by accessing specific URLs without the required...
CVE-2022-42438
IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210...
PT-2022-6310 · Ibm · Ibm Cloud Pak For Multicloud Management Monitoring
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Multicloud Management Monitoring versions 2.0 through 2.3 Description: The issue is related to incorrect restriction of a directory path with limited access. Exploitation of this issue may allow a remote attacker to elevate...
Viki Solutions Viki Vera access control error vulnerability
Viki Solutions Viki Vera is a suite of workflow customization platforms from Canadian company Viki Solutions. The platform supports file uploading, job management, and other features. An access control error vulnerability exists in Viki Vera version 4.9.1.26180, which is related to the affected...