13 matches found
CVE-2026-48811
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note private thread from any conversation, even after that user's access to the mailbox containing the conversation has been...
EUVD-2014-8109
Malware in sbrugna...
EUVD-2024-52756
Malicious code in bioql PyPI...
CVE-2024-55232
An IDOR vulnerability in the manage-notes.php module in PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to delete notes belonging to other accounts due to missing authorization checks. This flaw enables attackers to delete another user's information...
CVE-2024-55232
An IDOR vulnerability in the manage-notes.php module in PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to delete notes belonging to other accounts due to missing authorization checks. This flaw enables attackers to delete another user's information...
CVE-2024-55232
CVE-2024-55232 describes an IDOR vulnerability in the PHPGurukul Online Notes Sharing Management System v1.0, specifically in the manage-notes.php module. The root cause is missing authorization checks that permit unauthorized users to delete notes belonging to other accounts. The impact, as stat...
CVE-2023-6633 Site Notes <= 2.0.0 - Admin Note Deletion via CSRF
The Site Notes WordPress plugin through 2.0.0 does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks...
Site Notes <= 2.0.0 - Admin Note Deletion via CSRF
Description: The plugin does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks. Have an administrator open the following HTML file:...
Cross-Site Request Forgery (CSRF) in archivy/archivy
Title: Missing CSRF token validation leads to note deletion. Summary: Route /dataobj/delete/ is responsible for note deletion. Instead of POST it accepts GET and DELETE methods. @app.route("/dataobj/delete/", methods=["DELETE", "GET"]) def delete_data(dataobj_id): try: data.delete_item(dataobj_id) except...
MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery
Exploit Title: MyBB Admin Notes Plugin - CSRF; Date: 2018-05-14; Author: 0xB9; Contact: luxorforums.com/User-0xB9 or 0xB9atpm.me; Software Link: https://community.mybb.com/mods.php?action=view&pid=1106; Version: 1.1; Tested on: Ubuntu 18.04 1...
[Responsible disclosure] How I could have removed all your Facebook notes
Note: This is being published with the permission of Facebook under the responsible disclosure policy. The vulnerability is now fixed. Summary: This blog post is about an Insecure direct object reference vulnerability in Facebook Notes using which attacker could have removed all your notes just b...
CVE-2014-8268
QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request...
CVE-2012-1120
CVE-2012-1120 affects MantisBT before 1.2.9. The flaw is in the SOAP API where permissions for bug notes and delete_bug are not properly enforced, enabling remote authenticated users with read/write SOAP API privileges to delete arbitrary bug reports and notes. The vulnerability stems from incorr...