48857 matches found
CVE-2026-2234
C@il developed by HGiga has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read and modify any user's mail content...
CVE-2026-2096
Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality...
CVE-2026-2094
Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2025-12063
An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions...
CVE-2026-2096 Flowring|Agentflow - Missing Authentication
Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality...
CVE-2026-2096
CVE-2026-2096 (Flowring Agentflow): The vulnerability is a Missing Authentication issue in Agentflow by Flowring that allows unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality. Reported impact is high/critical (CVSS v4.0 base 9.3 with...
CVE-2026-2094 Flowring|Docpedia - SQL Injection
Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2026-2094
CVE-2026-2094 concerns Docpedia (Flowring) with a SQL Injection flaw. The described impact: authenticated remote attackers can inject arbitrary SQL to read, modify, and delete database contents. The connected sources (NVD/Red Hat/CVE listing and other feeds) reiterate the same description; no con...
CVE-2025-12063
Technical details (affected products, versions, root cause, or fixes) are not publicly available in the provided documents. Monitor for updates from vendors and threat intel feeds.
CVE-2026-24319
In SAP Business One, sensitive information is written to the application's memory dump files without obfuscation. Gaining access to this information could potentially lead to unauthorized operations within the B1 environment, including modification of company data. This issue results in a high...
CVE-2026-0484
CVE-2026-0484 affects SAP NetWeaver Application Server ABAP and SAP S/4HANA. The root cause is a missing authorization check that enables an authenticated attacker to access a specific transaction code and modify text data, impacting integrity (I: High) while confidentiality and availability rema...
Missing Authorization
Overview: fuxa-server is a Web-based Process Visualization SCADA/HMI/Dashboard software. Affected versions of this package are vulnerable to Missing Authorization in the scheduler endpoint. An attacker can gain unauthorized access to create, modify, or delete schedules by sending crafted requests t...
CVE-2025-15147
The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the 'WCFMvmMembershipsPaymentController::processing' due to missing validation on a user controlled key...