Lucene search
K

137 matches found

Vulnrichment
Vulnrichment
added 2026/02/25 6:22 p.m.6 views

CVE-2026-25164 OpenEMR's Document and Insurance REST Endpoints Skip ACL

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the REST API route table in apis/routes/restroutesstandard.inc.php does not call RestConfig::requestauthorizationcheck for the document and insurance routes. Other...

8.1CVSS5.9AI score0.0026EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/02/22 7:24 a.m.13 views

CVE-2026-27471

ERP is a free and open source Enterprise Resource Planning tool. In versions up to 15.98.0 and 16.0.0-rc.1 and through 16.6.0, certain endpoints lacked access validation which allowed for unauthorized document access. This issue has been fixed in versions 15.98.1 and 16.6.1...

9.3CVSS5.3AI score0.00324EPSS
Exploits0References1
NVD
NVD
added 2026/02/21 7:16 a.m.9 views

CVE-2026-27471

ERP is a free and open source Enterprise Resource Planning tool. In versions up to 15.98.0 and 16.0.0-rc.1 and through 16.6.0, certain endpoints lacked access validation which allowed for unauthorized document access. This issue has been fixed in versions 15.98.1 and 16.6.1...

9.3CVSS0.00324EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/21 6:38 a.m.22 views

CVE-2026-27471 ERP: Document access through endpoints due to missing validation

ERP is a free and open source Enterprise Resource Planning tool. In versions up to 15.98.0 and 16.0.0-rc.1 and through 16.6.0, certain endpoints lacked access validation which allowed for unauthorized document access. This issue has been fixed in versions 15.98.1 and 16.6.1...

9.3CVSS0.00324EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/21 6:38 a.m.3 views

CVE-2026-27471 ERP: Document access through endpoints due to missing validation

ERP is a free and open source Enterprise Resource Planning tool. In versions up to 15.98.0 and 16.0.0-rc.1 and through 16.6.0, certain endpoints lacked access validation which allowed for unauthorized document access. This issue has been fixed in versions 15.98.1 and 16.6.1...

9.3CVSS5.2AI score0.00324EPSS
Exploits0References2
CVE
CVE
added 2026/02/21 6:38 a.m.26 views

CVE-2026-27471

CVE-2026-27471 affects ERP, an open-source ERP tool. Versions up to 15.98.0 and 16.0.0-rc.1 through 16.6.0 have endpoints without proper access validation, allowing unauthorized document access. This has been fixed in 15.98.1 and 16.6.1. The impact is unauthorized access to documents via exposed ...

9.3CVSS5.4AI score0.00324EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/02/21 6:38 a.m.8 views

CVE-2026-27471 ERP: Document access through endpoints due to missing validation

ERP is a free and open source Enterprise Resource Planning tool. In versions up to 15.98.0 and 16.0.0-rc.1 and through 16.6.0, certain endpoints lacked access validation which allowed for unauthorized document access. This issue has been fixed in versions 15.98.1 and 16.6.1...

9.3CVSS5.4AI score0.00324EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/19 6:8 p.m.28 views

CVE-2026-23878 HotCRP vulnerable to exposure of submitted documents

HotCRP is conference review software. Starting in commit aa20ef288828b04550950cf67c831af8a525f508 and prior to commit ceacd5f1476458792c44c6a993670f02c984b4a0, authors with at least one submission on a HotCRP site could use the document API to download any documents PDFs, attachments associated...

6.5CVSS0.00257EPSS
Exploits0References3
NVD
NVD
added 2026/01/15 4:16 p.m.10 views

CVE-2025-64516

GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item ticket, asset, .... If the public FAQ is enabled, this unauthorized access can be performed by an anonymous user. This vulnerability is fixed i...

7.5CVSS0.00277EPSS
Exploits1References5
CVE
CVE
added 2026/01/15 4:1 p.m.22 views

CVE-2025-64516

GLPI before versions 10.0.21 and 11.0.3 suffers an access-control vulnerability where an unauthorized user can view documents attached to any item (tickets, assets, etc.). If the public FAQ is enabled, this can be exploited anonymously. The issue is fixed in GLPI 10.0.21 and 11.0.3. CVSS v3.1 sco...

7.5CVSS6.3AI score0.00277EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 9:51 a.m.9 views

CVE-2020-10669

The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device's web interface can get a copy of the documents uploaded by any users. NOTE: this is fixed in the late...

7.5CVSS7.1AI score0.03463EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/12/11 11:56 a.m.9 views

CVE-2025-41358

Direct Object Reference Vulnerability IDOR in i2A's CronosWeb, in versions prior to 25.00.00.12, inclusive. This vulnerability could allow an authenticated attacker to access other users' documents by manipulating the ‘documentCode’ parameter in...

8.3CVSS6.6AI score0.00294EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/26 12:42 a.m.8 views

CVE-2025-64063

Primakon Pi Portal 1.0.18 API endpoints fail to enforce sufficient authorization checks when processing requests. Specifically, a standard user can exploit this flaw by sending direct HTTP requests to administrative endpoints, bypassing the UI restrictions. This allows the attacker to manipulate...

9.8CVSS6.9AI score0.00332EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/25 9:32 p.m.6 views

EUVD-2025-199637

Primakon Pi Portal 1.0.18 API endpoints fail to enforce sufficient authorization checks when processing requests. Specifically, a standard user can exploit this flaw by sending direct HTTP requests to administrative endpoints, bypassing the UI restrictions. This allows the attacker to manipulate...

5.3CVSS6.4AI score0.00332EPSS
Exploits0References3
OSV
OSV
added 2025/11/25 7:15 p.m.4 views

CVE-2025-64063

Primakon Pi Portal 1.0.18 API endpoints fail to enforce sufficient authorization checks when processing requests. Specifically, a standard user can exploit this flaw by sending direct HTTP requests to administrative endpoints, bypassing the UI restrictions. This allows the attacker to manipulate...

9.8CVSS5.9AI score0.00332EPSS
Exploits0References2
NVD
NVD
added 2025/11/25 7:15 p.m.6 views

CVE-2025-64063

Primakon Pi Portal 1.0.18 API endpoints fail to enforce sufficient authorization checks when processing requests. Specifically, a standard user can exploit this flaw by sending direct HTTP requests to administrative endpoints, bypassing the UI restrictions. This allows the attacker to manipulate...

9.8CVSS0.00332EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/20 9:36 p.m.15 views

CVE-2025-64766

NixOS's Onlyoffice is a software suite that offers online and offline tools for document editing, collaboration, and management. In versions from 22.11 to before 25.05 and versions before Unstable 25.11, a hard-coded secret was used in the NixOS module for the OnlyOffice document server to protec...

5.3CVSS6.7AI score0.00246EPSS
Exploits0References1
NVD
NVD
added 2025/11/17 10:15 p.m.6 views

CVE-2025-64766

NixOS's Onlyoffice is a software suite that offers online and offline tools for document editing, collaboration, and management. In versions from 22.11 to before 25.05 and versions before Unstable 25.11, a hard-coded secret was used in the NixOS module for the OnlyOffice document server to protec...

5.3CVSS0.00246EPSS
Exploits0References5
EUVD
EUVD
added 2025/11/17 9:38 p.m.6 views

EUVD-2025-197878

NixOS's Onlyoffice is a software suite that offers online and offline tools for document editing, collaboration, and management. In versions from 22.11 to before 25.05 and versions before Unstable 25.11, a hard-coded secret was used in the NixOS module for the OnlyOffice document server to protec...

5.3CVSS6.2AI score0.00246EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/11/17 9:38 p.m.10 views

CVE-2025-64766 NixOS has hardcoded credentials in Onlyoffice module

NixOS's Onlyoffice is a software suite that offers online and offline tools for document editing, collaboration, and management. In versions from 22.11 to before 25.05 and versions before Unstable 25.11, a hard-coded secret was used in the NixOS module for the OnlyOffice document server to protec...

5.3CVSS0.00246EPSS
Exploits0References5
Rows per page
Query Builder