30 matches found
CVE-2026-25197
CVE-2026-25197 pertains to Gardyn Cloud API, where an endpoint allows an authenticated user to pivot to other user profiles by altering the id parameter in the API call. The underlying issue is an authorization bypass via a user-controlled key/id, enabling access to other profiles and potentially...
CVE-2023-31679
Incorrect access control in Videogo v6.8.1 allows attackers to access images from other devices via modification of the Device Id parameter...
CVE-2025-61876
Insecure Direct Object Reference (IDOR) in the /tenants/{id} API endpoint in Inforcer Platform version 2.0.153 allows an authenticated user with low privileges to enumerate and access tenant information belonging to other clients via modification of the tenant ID in the request URL...
CVE-2025-61876
CVE-2025-61876 is an IDOR flaw in Inforcer Platform 2.0.153 allowing a low-privilege, authenticated user to enumerate and access tenant data from other clients by altering the tenant ID in the /tenants/{id} URL. The Red Hat and NVD records corroborate the issue; the CVSSv3.1 score is 5.0 (Medium)...
EUVD-2004-0496
Malware in sbrugna...
EUVD-2013-5836
Malware in sbrugna...
EUVD-2006-1628
Malware in sbrugna...
EUVD-2012-4008
Malware in sbrugna...
EUVD-2006-3827
Malware in sbrugna...
EUVD-2001-0977
Malware in sbrugna...
EUVD-2007-6583
Malware in sbrugna...
EUVD-2024-32834
Malicious code in bioql PyPI...
EUVD-2023-28824
Malicious code in bioql PyPI...
Alert Enterprise Guardian security vulnerability
Alert Enterprise Guardian is a physical identity and access management system open-sourced by Alert Enterprise in the United States. A security vulnerability exists in Alert Enterprise Guardian version 4.1.14.2.2.1 that originates from bypassing manager approval by modifying the user ID in the...
CVE-2024-0710
The GP Unique ID plugin for WordPress is vulnerable to Unique ID Modification in all versions up to, and including, 1.5.5. This is due to insufficient input validation. This makes it possible for unauthenticated attackers to tamper with the generation of a unique ID on a form submission and repla...
CVE-2020-7993
Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation on behalf of other user accounts via a modified email ID field...
CVE-2011-1312
The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2) gro...
CVE-2025-24804 Partial Denial of Service (DoS) in MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle IDs, it must contain only alphanumeric characters (A–Z, a–z, and 0–9), hyphens (-), and...
CVE-2024-46097
TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the edit function you can change the tplanid parameter to another ID. The application does not carry out a...