
14 matches found

CNNVD
added 2026/05/29 12:0 a.m. | 8 views

BankPro E-Service Service Center Security Vulnerability

The BankPro E-Service Service Center is a digital banking service management platform provided by BankPro E-Service in Taiwan, China. There is a security vulnerability in the BankPro E-Service Service Center. This vulnerability stems from insecure direct object references, which may allow...

CVSS 7.1 | AI score 5.8 | EPSS 0.00259
Exploits 0 | References 2
RedhatCVE
added 2026/04/08 7:57 p.m. | 6 views

CVE-2026-39348

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source omits authorization on job specification and vacancy attachment download handlers, allowing authenticated low-privilege users to read attachments via direct reference to attachment identifier...

CVSS 5.3 | AI score 5.9 | EPSS 0.00165
Exploits 0 | References 1
CVE
added 2026/04/07 6:21 p.m. | 7 views

CVE-2026-39348

CVE-2026-39348 affects OrangeHRM Open Source versions 5.0–5.8 where the AbstractFileController subclasses do not perform authorization checks for job specification and vacancy attachment downloads. This allows authenticated, low-privilege users to read attachments by directly referencing attachme...

CVSS 5.3 | AI score 5.9 | EPSS 0.00165
Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2026/03/25 12:0 a.m. | 5 views

IBM InfoSphere Information Server Security Vulnerability

IBM InfoSphere Information Server is a data integration platform developed by the American multinational company International Business Machines IBM. This platform can be used to integrate data from various sources. Versions of IBM InfoSphere Information Server 11.7.1.6 and earlier contain securi...

CVSS 7.5 | AI score 5.8 | EPSS 0.00327
Exploits 0 | References 2
CNNVD
added 2026/03/07 12:0 a.m. | 4 views

Flowise Security Vulnerability

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.0.13 contained security vulnerabilities, which were caused by insecure direct object references. These vulnerabilities could lead to account takeover and bypassing...

CVSS 8.8 | AI score 7.3 | EPSS 0.0045
Exploits 1 | References 2
CNNVD
added 2025/11/12 12:0 a.m. | 2 views

WordPress plugin Wishlist and Save for later for Woocommerce Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 4.3 | AI score 6.6 | EPSS 0.00164
Exploits 0 | References 2
OSV
added 2024/06/30 6:15 p.m. | 1 views

CVE-2024-31898

IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. IBM X-Force ID: 288182...

CVSS 5.4 | AI score 5.8 | EPSS 0.00271
Exploits 0 | References 2
CNNVD
added 2024/03/13 12:0 a.m. | 4 views

WordPress Plugin FeedWordPress Security Breach

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 5.3 | AI score 6.9 | EPSS 0.00621
Exploits 0 | References 3
CNVD
added 2017/07/25 12:0 a.m. | 2 views

Tilde CMS Information Disclosure Vulnerability

Tilde CMS is a web content management system CMS. A security vulnerability exists in Tilde CMS version 1.0.1. An attacker can exploit the vulnerability by using direct references to retrieve sensitive data and download local PHP resources e.g., admin/content.php and...

CVSS 6.5 | AI score 6.4 | EPSS 0.00882
Exploits 1 | References 1
OSV
added 2017/07/24 1:29 p.m. | 2 views

CVE-2017-11327

An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and admin/content.php?method=ftpupload...

CVSS 6.5 | AI score 5.8 | EPSS 0.00882
Exploits 1 | References 1
Prion
added 2017/07/24 1:29 p.m. | 14 views

Design/Logic Flaw

An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and admin/content.php?method=ftpupload...

CVSS 4 | AI score 6.4 | EPSS 0.00882
Exploits 1 | References 1 | Affected Software 1
NVD
added 2017/07/24 1:29 p.m. | 20 views

CVE-2017-11327

An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and admin/content.php?method=ftpupload...

CVSS 6.5 | AI score 6.5 | EPSS 0.00882
Exploits 1 | References 1
Cvelist
added 2017/07/24 1:0 p.m. | 18 views

CVE-2017-11327

An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and admin/content.php?method=ftpupload...

AI score 6.5 | EPSS 0.00882
Exploits 1 | References 1
CVE
added 2017/07/24 1:0 p.m. | 46 views

CVE-2017-11327

CVE-2017-11327 affects Tilde CMS 1.0.1. An information-disclosure flaw allows a low-privileged user to retrieve sensitive data by using direct references and load PHP resources such as admin/content.php and admin/content.php?method=ftp_upload. The connected CNVD/NVD entries corroborate direct-ref...

CVSS 6.5 | AI score 6.4 | EPSS 0.00882
Exploits 1 | References 1 | Affected Software 1