
15 matches found

Packet Storm
added 2026/04/09 12:0 a.m., 61 views

📄 UNI-PASS-Based Customs Systems Insecure Direct Object Reference

A critical security vulnerability has been identified in customs platforms based on UNI-PASS, where a publicly exposed API endpoint allows unauthorized access to sensitive documents without proper authentication or authorization checks. The affected endpoint commonly structured under /api/public/...

5.8 AI score
Exploits: 0
Vulnrichment
added 2025/11/25 12:0 a.m., 2 views

CVE-2025-64063

Primakon Pi Portal 1.0.18 API endpoints fail to enforce sufficient authorization checks when processing requests. Specifically, a standard user can exploit this flaw by sending direct HTTP requests to administrative endpoints, bypassing the UI restrictions. This allows the attacker to manipulate...

6.5 AI score, 0.00059 EPSS
Exploits: 0, References: 2
Cvelist
added 2025/11/25 12:0 a.m., 5 views

CVE-2025-64063

Primakon Pi Portal 1.0.18 API endpoints fail to enforce sufficient authorization checks when processing requests. Specifically, a standard user can exploit this flaw by sending direct HTTP requests to administrative endpoints, bypassing the UI restrictions. This allows the attacker to manipulate...

0.00059 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2025/11/25 12:0 a.m., 2 views

PT-2025-48071

Primakon Pi Portal 1.0.18 API endpoints fail to enforce sufficient authorization checks when processing requests. Specifically, a standard user can exploit this flaw by sending direct HTTP requests to administrative endpoints, bypassing the UI restrictions. This allows the attacker to manipulate...

6.9 AI score, 0.00059 EPSS
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-10293

Malicious code in bioql PyPI...

6.6 AI score
Exploits: 0, References: 5
Cvelist
added 2024/12/04 12:0 a.m., 22 views

CVE-2024-51210

Firepad through 1.5.11 allows remote attackers, who have knowledge of a pad ID, to retrieve both the current text of a document and all content that has previously been pasted into the document. NOTE: in several similar products, this is the intentional behavior for anyone who knows the full...

0.00165 EPSS
Exploits: 0, References: 3
RedHat Linux
added 2023/08/29 6:17 p.m., 1 views

cups: Information leak through Cups-Get-Document operation

A vulnerability was found in OpenPrinting CUPS. Unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach...

5.5 CVSS, 5.8 AI score, 0.00076 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2023/08/28 12:38 p.m., 6 views

cups: Information leak through Cups-Get-Document operation

A vulnerability was found in OpenPrinting CUPS. Unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach...

5.5 CVSS, 5.8 AI score, 0.00076 EPSS
Exploits: 0, References: 4
RedhatCVE
added 2023/08/16 4:49 p.m., 75 views

CVE-2023-32360

A vulnerability was found in OpenPrinting CUPS. Unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach. Mitigation: The user can either set 'PreserveJobFiles No' in cupsd.conf, which will completely shut off the saving of the job files,...

6.5 CVSS, 5.7 AI score, 0.00076 EPSS
Exploits: 0, References: 3
Hacker One
added 2020/01/17 12:13 a.m., 130 views

h1-ctf: [h1-415 2020] My writeup on how to retrieve the special secret document

Summary: An attacker without any privilege is able to retrieve the special secret document, hosted on the https://h1-415.h1ctf.com website. To do so, multiple steps are required: 1. The authentication must be bypassed to have a licensed account; 2. The support team portal is vulnerable to a blin...

6.5 AI score
Exploits: 0
OSV
added 2020/01/08 10:15 p.m., 6 views

CVE-2019-17011

Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...

7.5 CVSS, 8.4 AI score
Exploits: 0, References: 12
Tenable Nessus
added 2019/12/20 12:0 a.m., 44 views

SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:3347-1)

This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated to 68.3esr MFSA 2019-37 bsc1158328 Security issues fixed: CVE-2019-17008: Fixed a use-after-free in worker destruction bmo1546331 CVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments ...

8.8 CVSS, 7.7 AI score, 0.02469 EPSS
Exploits: 3, References: 18
Tenable Nessus
added 2019/12/12 12:0 a.m., 40 views

CentOS 6 : firefox (CESA-2019:4108)

An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.8 CVSS, 8.2 AI score, 0.02469 EPSS
Exploits: 3, References: 7
RedHat Linux
added 2019/12/05 6:26 p.m., 2 views

Mozilla: Use-after-free when retrieving a document in antitracking

Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...

7.5 CVSS, 7.3 AI score, 0.01141 EPSS
Exploits: 1, References: 5
Kitploit
added 2017/10/03 9:11 p.m., 28 views

XCat - Automate XPath Injection Attacks to Retrieve Documents

XCat is a command line program that aids in the exploitation of blind XPath injection vulnerabilities. It can be used to retrieve the whole XML document being processed by a vulnerable XPath query, read arbitrary files on the host's filesystem and utilize out of bound HTTP requests to make the...

7.9 AI score
Exploits: 0, References: 1