5 matches found
CVE-2026-25197
A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call...
PT-2026-30230
Name of the Vulnerable Software and Affected Versions: Affected versions not specified. Description: An authenticated user can access other user profiles by manipulating the id number within an API call. This occurs through a specific API endpoint. Recommendations: At the moment, there is no...
PT-2025-5882 · Codeastro · Codeastro Complaint Management System
Name of the Vulnerable Software and Affected Versions: CodeAstro Complaint Management System version 1.0 Description: The issue concerns incorrect access control in the endpoint "/admin/m delete.php" that allows unauthorized attackers to delete complaints arbitrarily by modifying the id parameter...
python_book security vulnerability
pythonbook is an online book lending website and book management system by Tim Green, an individual developer. A security vulnerability exists in pythonbook version V1.0, which stems from an access control error. An attacker can exploit the vulnerability to obtain sensitive information about users...
CVE-2005-2168
delete.php in Plague News System 0.6 and earlier allows remote unauthenticated attackers to delete news, comments, and shoutbox posts by modifying the id parameter...