19 matches found

RedhatCVE
added 2026/06/05 7:13 p.m., 7 views

CVE-2026-40865

Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees’ uploaded documents by changing the document ID in the request. This exposes sensitive HR...

CVSS 7.1 | AI score 5.4 | EPSS 0.0014
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/09 12:00 a.m., 11 views

PT-2026-39225

Name of the vulnerable software and affected versions: Spring AI versions 1.0.0 through 1.0.6; Spring AI versions 1.1.0 through 1.1.5. Description: The doDeleteList function in the MilvusVectorStore implementation is susceptible to filter-expression injection. This occurs because document IDs are not...

CVSS 8.6 | AI score 5.8 | EPSS 0.00353
Exploits: 0 | References: 8

Snyk
added 2026/05/08 12:00 a.m., 10 views

Improper Neutralization of Special Elements in Data Query Logic

Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the MilvusVectorStore doDeleteList implementation. An attacker can inject filter expressions by supplying crafted document IDs that are not properly sanitized before bei...

CVSS 8.8 | AI score 5.7 | EPSS 0.00353
Exploits: 0 | References: 2

Vulnrichment
added 2026/04/28 7:18 a.m., 1 view

CVE-2026-40978

SQL injection vulnerability in Spring AI's CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)...

CVSS 8.8 | AI score 6 | EPSS 0.00338
Exploits: 0 | References: 1

Snyk
added 2026/04/27 12:00 a.m., 2 views

SQL Injection

Overview: org.springframework.ai:spring-ai-azure-cosmos-db-store is a Spring AI Vector Store for Azure Cosmos DB. Affected versions of this package are vulnerable to SQL Injection via document ID handling in CosmosDBVectorStore. An attacker can execute arbitrary SQL queries by supplying crafted...

CVSS 8.8 | AI score 6.3 | EPSS 0.00338
Exploits: 0 | References: 2
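The two Spring AI findings above (filter-expression injection in the Milvus store, SQL injection in the Cosmos DB store) share one root cause: caller-supplied document IDs are spliced into a query string. The block below is an added illustration, not code from Spring AI or from any advisory on this page. The `doc_id in ["..."]` filter syntax is only modelled on Milvus-style boolean expressions, the allow-list pattern for IDs is my choice, and the Cosmos DB query text is mine; the constructed inputs are labelled as such.

```python
"""Injection via document IDs: an unsafe filter builder beside two hardened
forms (strict validation where IDs must be embedded in a filter expression,
and a parameterized query where the backend supports parameters).

Added example; not Spring AI code. Filter syntax and query shape are assumptions.
"""
import re


class InvalidDocumentId(ValueError):
    """Raised when a caller-supplied document ID fails the allow-list check."""


# Constructed sample inputs (not taken from any advisory). The malicious ID
# closes the string literal and the list, then appends a clause that widens
# the delete to every document whose metadata marks it as a draft.
SAFE_IDS = ["doc-1a2b", "doc-3c4d"]
MALICIOUS_ID = 'doc-1a2b"] || metadata["draft"] == true || doc_id in ["x'


def build_delete_filter_unsafe(doc_ids):
    """The vulnerable pattern: IDs are quoted but never validated or escaped,
    so a double quote inside an ID breaks out of the string literal."""
    quoted = ", ".join(f'"{doc_id}"' for doc_id in doc_ids)
    return f"doc_id in [{quoted}]"


# Strict allow-list: letters, digits, dash, underscore, bounded length.
# Anything that could carry quotes or operators is rejected rather than
# escaped, because escaping rules differ between backends and are easy to
# get subtly wrong.
_ID_PATTERN = re.compile(r"[A-Za-z0-9_-]{1,64}")


def build_delete_filter_safe(doc_ids):
    """Hardened builder: every ID is validated before it touches the filter."""
    for doc_id in doc_ids:
        if not isinstance(doc_id, str) or not _ID_PATTERN.fullmatch(doc_id):
            raise InvalidDocumentId(f"rejected document id: {doc_id!r}")
    quoted = ", ".join(f'"{doc_id}"' for doc_id in doc_ids)
    return f"doc_id in [{quoted}]"


def count_or_clauses(expr):
    """Count `||` operators in a filter; an intended delete-by-ID filter has none,
    so a non-zero count is a cheap tell that an ID smuggled in extra logic."""
    return expr.count("||")


def build_cosmos_delete_query(doc_ids):
    """Where the backend supports query parameters (Cosmos DB SQL does), pass
    the IDs as a parameter and never splice them into the query text at all.
    Returns the (query, parameters) pair a parameterized query API consumes."""
    query = "SELECT c.id FROM c WHERE ARRAY_CONTAINS(@ids, c.id)"
    parameters = [{"name": "@ids", "value": list(doc_ids)}]
    return query, parameters
```

With `SAFE_IDS` the unsafe and safe builders produce the same filter, which is why the bug goes unnoticed in normal use. With `MALICIOUS_ID` the unsafe builder emits a filter carrying two injected `||` clauses, the safe builder raises `InvalidDocumentId`, and the parameterized Cosmos query leaves the ID in the parameter list where it is data, not syntax.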

CNNVD
added 2026/03/26 12:00 a.m., 4 views

SiYuan buffer error vulnerability

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.6.2 contained a buffer error vulnerability. This vulnerability stemmed from the use of the /api/file/readDir interface to retrieve document IDs, which could lead to information...

CVSS 9.8 | AI score 6.6 | EPSS 0.00523
Exploits: 1 | References: 1

CVE
added 2026/03/17 3:30 p.m., 11 views

CVE-2026-28506

CVE-2026-28506 affects Outline prior to 1.5.0. A logic flaw in the events.list API endpoint’s filtering lets any authenticated user retrieve activity events for documents that have no collection (e.g., Private Drafts, Deleted Documents), regardless of the user’s actual permissions. This resul...

CVSS 4.3 | AI score 5.8 | EPSS 0.00229
Exploits: 1 | References: 1 | Affected software: 1

EUVD
added 2026/03/17 3:30 p.m., 2 views

EUVD-2026-12584

Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no...

CVSS 4.3 | AI score 5.8 | EPSS 0.00229
Exploits: 1 | References: 1

ATTACKERKB
added 2026/03/17 3:30 p.m., 4 views

CVE-2026-28506

Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no...

CVSS 4.3 | AI score 5.8 | EPSS 0.00229
Exploits: 1 | References: 2 | Affected software: 1

OSV
added 2026/03/17 3:30 p.m., 1 view

CVE-2026-28506 Outline's Information Disclosure in Activity Logs allows User Enumeration of Private Drafts

Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no...

CVSS 4.3 | AI score 5.9 | EPSS 0.00229
Exploits: 1 | References: 3

EUVD
added 2026/02/25 6:43 p.m., 1 view

EUVD-2026-8715

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the DICOM viewer state API (e.g. upload or state save/load) accepts a document ID (docid) without verifying that the document belongs to the current user’s authorized patie...

CVSS 7.1 | AI score 5.5 | EPSS 0.00204
Exploits: 1 | References: 1

ATTACKERKB
added 2026/02/25 6:43 p.m., 2 views

CVE-2026-25927

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the DICOM viewer state API (e.g. upload or state save/load) accepts a document ID (docid) without verifying that the document belongs to the current user’s authorized patie...

CVSS 7.1 | AI score 5.8 | EPSS 0.00204
Exploits: 1 | References: 2 | Affected software: 1

CVE
added 2026/02/25 6:43 p.m., 14 views

CVE-2026-25927

OpenEMR before 8.0.0 exposes a DICOM viewer state API (upload/state save-load) that accepts a document ID (doc_id) without verifying ownership of the patient/encounter. An authenticated user can read or modify DICOM viewer state (e.g., annotations, view settings) by enumerating document IDs, lead...

CVSS 7.1 | AI score 5.5 | EPSS 0.00204
Exploits: 1 | References: 1 | Affected software: 1

EUVD
added 2026/01/13 7:33 p.m., 4 views

EUVD-2026-2050

Substance3D - Painter versions 11.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | AI score 7.4 | EPSS 0.00186
Exploits: 0 | References: 2

CVE
added 2026/01/08 2:58 p.m., 7 views

CVE-2025-4596

CVE-2025-4596 affects the Asseco ADMX system (Asseco AMDX) used for processing medical records. The issue is an information disclosure via IDOR-like access: authenticated users can view medical files belonging to other users by manipulating GET parameters containing document IDs. Root cause: impr...

CVSS 5.3 | AI score 6.4 | EPSS 0.00281
Exploits: 0 | References: 1
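Four of the entries on this page (Horilla's document viewer, Outline's events.list, OpenEMR's DICOM viewer state API, the Asseco medical-records system) are one bug class: a document ID is accepted from the request and used without checking that the requester may reach that document. Outline's variant is the subtler one, an authorization filter keyed on the document's collection, which lets documents with no collection through. The block below is an added example and not code from any of those projects; the data model (owner, share list, optional collection), the user and document names, the `can_read` predicate and the reconstruction of the flawed filter are all hypothetical.

```python
"""Object-level authorization for document IDs: an IDOR lookup beside its
fixed form, and a collection-keyed event filter that leaks uncollected
documents beside a fix that authorizes against the document itself.

Added example; not code from Horilla, Outline, OpenEMR or Asseco.
Data model, names and the flawed filter are a hypothetical reconstruction.
"""
from dataclasses import dataclass
from typing import Optional


class NotFound(Exception):
    """Raised for both missing and unauthorized IDs, so the response does not
    reveal which IDs exist and cannot be used to enumerate other users' data."""


@dataclass(frozen=True)
class Document:
    id: str
    owner: str
    collection_id: Optional[str]            # None for private drafts / deleted docs
    shared_with: frozenset = frozenset()


@dataclass(frozen=True)
class Event:
    id: str
    document_id: str
    action: str


# Constructed sample data (assumed, not from any advisory).
DOCS = {
    "d1": Document("d1", owner="alice", collection_id="c1"),
    "d2": Document("d2", owner="alice", collection_id=None),   # alice's private draft
    "d3": Document("d3", owner="bob", collection_id=None),
}
EVENTS = [
    Event("e1", "d1", "documents.update"),
    Event("e2", "d2", "documents.create"),
    Event("e3", "d3", "documents.create"),
]
# Collections each user may read; assumed to come from the app's membership tables.
COLLECTION_ACCESS = {"alice": {"c1"}, "bob": {"c1"}}


def can_read(user, doc):
    """The single authorization predicate every document-ID access goes through.
    A document with no collection is reachable only via ownership or a share."""
    if doc.owner == user or user in doc.shared_with:
        return True
    allowed = COLLECTION_ACCESS.get(user, set())
    return doc.collection_id is not None and doc.collection_id in allowed


def get_document_unsafe(user, doc_id):
    """IDOR: the caller's identity never influences the lookup."""
    return DOCS[doc_id]


def get_document_safe(user, doc_id):
    """Fixed lookup: existence and authorization collapse into one outcome."""
    doc = DOCS.get(doc_id)
    if doc is None or not can_read(user, doc):
        raise NotFound(doc_id)
    return doc


def list_events_flawed(user):
    """Flawed filter: it only asks whether the collection is one the user may
    see, and treats a missing collection as passing, so every private draft
    and deleted document leaks to any authenticated user."""
    allowed = COLLECTION_ACCESS.get(user, set())
    return [e for e in EVENTS
            if DOCS[e.document_id].collection_id is None
            or DOCS[e.document_id].collection_id in allowed]


def list_events_fixed(user):
    """Fixed filter: authorize against the document, so uncollected documents
    fall back to the owner/share checks instead of passing by default."""
    return [e for e in EVENTS if can_read(user, DOCS[e.document_id])]
```

Two design choices worth keeping: the same `can_read` predicate serves both the single-object endpoint and the listing endpoint, so the two cannot drift apart, and an unauthorized ID raises the same `NotFound` as a nonexistent one, so the endpoint cannot be used to probe which IDs exist.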

EUVD
added 2025/12/23 9:30 p.m., 3 views

EUVD-2025-204815

A flaw has been found in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/Natlimit of the component HTTP Request Handler. This manipulation of the argument page causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has...

CVSS 10 | AI score 6.7 | EPSS 0.00991
Exploits: 1 | References: 8

CNNVD
added 2024/01/23 12:00 a.m., 2 views

Mozilla Firefox security vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a security bypass vulnerability caused by an error related to a corrupted content process. An attacker can exploit the vulnerability to modify document URIs...

CVSS 4.3 | AI score 8.7 | EPSS 0.00368
Exploits: 0 | References: 4

OSV
added 2022/06/13 11:15 p.m., 3 views

CVE-2022-32565

An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids...

CVSS 7.5 | AI score 5.8 | EPSS 0.01068
Exploits: 0 | References: 3

Microsoft Security Update
added 1976/01/01 12:00 a.m., 1 view

MS:A29156D6-1CC1-4886-8DFB-E8DA07392B3F

...

AI score 7
Exploits: 0