363 matches found
ASB-A-500171842
Bulletin has no description...
CGA-3893-P8H8-XVP4
Bulletin has no description...
PT-2026-45007
Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.480 Description The software constructs all or part of a code segment using externally-influenced input from an upstream component without properly neutralizing special elements. This can modify the syntax or behavior...
CVE-2026-43890
Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.7.0, the subscriptions.create API endpoint in server/routes/api/subscriptions/subscriptions.ts exhibits a broken authorization pattern. When both collectionId and documentId are supplied in the request, the route...
EUVD-2026-29334
Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.7.0, the subscriptions.create API endpoint in server/routes/api/subscriptions/subscriptions.ts exhibits a broken authorization pattern. When both collectionId and documentId are supplied in the request, the route...
MINI-V7JV-537M-F8FW
Bulletin has no description...
MINI-3PGP-2XF4-MQQP
Bulletin has no description...
VMware Spring AI 安全漏洞
VMware Spring AI is a development framework from VMware that integrates artificial intelligence and big language modeling capabilities in the Spring ecosystem. A security vulnerability exists in VMware Spring AI versions 1.0.0 through 1.0.7 prior and 1.1.0 through 1.1.6 prior, which stems from...
CVE-2026-40865
Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees’ uploaded documents by changing the document ID in the request. This exposes sensitive HR...
CVE-2026-40865 Horilla: Insecure Direct Object Reference at `/employee/view-file/<int:id>
Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees’ uploaded documents by changing the document ID in the request. This exposes sensitive HR...
MINI-M88M-PHM8-J7WF
Bulletin has no description...
MINI-8CCR-MMM7-4VV7
Bulletin has no description...
CVE-2026-5414
A security flaw has been discovered in Newgen OmniDocs up to 12.0.00. Affected by this issue is some unknown functionality of the file /omnidocs/WebApiRequestRedirection. The manipulation of the argument DocumentId results in improper control of resource identifiers. The attack may be performed...
CVE-2026-5414 Newgen OmniDocs WebApiRequestRedirection resource injection
A security flaw has been discovered in Newgen OmniDocs up to 12.0.00. Affected by this issue is some unknown functionality of the file /omnidocs/WebApiRequestRedirection. The manipulation of the argument DocumentId results in improper control of resource identifiers. The attack may be performed...
Newgen OmniDocs 安全漏洞
Newgen OmniDocs is an enterprise content management suite provided by Newgen Corporation. Versions of Newgen OmniDocs 12.0.00 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect handling of the DocumentId parameter in files/omnidocs/WebApiRequestRedirection,...
PT-2026-29866
Name of the Vulnerable Software and Affected Versions Newgen OmniDocs versions up to 12.0.00 Description A security flaw exists in Newgen OmniDocs up to version 12.0.00. The issue involves improper control of resource identifiers due to manipulation of the DocumentId argument within the...
MINI-JXP5-QW6M-3456
Bulletin has no description...
MINI-8QG8-WF36-9HGR
Bulletin has no description...
MINI-FJ37-7897-H5V7
Bulletin has no description...
CVE-2026-25927 OpenEMR Missing Authorization Checks in DICOM Viewer State API
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the DICOM viewer state API e.g. upload or state save/load accepts a document ID docid without verifying that the document belongs to the current user’s authorized patie...