2 matches found
PT-2026-36909
Name of the Vulnerable Software and Affected Versions IKUS Rdiffweb versions prior to 2.10.6 Description An improper authorization flaw exists where the API fails to enforce binding between the authenticated subject and the targeted user or tenant. This allows an attacker possessing any valid or...
CVE-2025-24974
CVE-2025-24974 affects DataEase (open source BI/data visualization tool). Prior to version 2.10.6, authenticated users could read and deserialize arbitrary files via the background JDBC connection. The issue has been fixed in v2.10.6. No public workarounds are documented. Impact is described as h...