139 matches found
KB5068402 - Description of the security update for SQL Server 2017 CU31: November 11, 2025
KB5068402 - Description of the security update for SQL Server 2017 CU31: November 11, 2025 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update contains...
KB5068404 - Description of the security update for SQL Server 2019 CU32: November 11, 2025
KB5068404 - Description of the security update for SQL Server 2019 CU32: November 11, 2025 Summary Improvements and fixes included in this update How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information File information...
CVE-2025-63783
A Broken Object Level Authorization BOLA vulnerability was discovered in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...
EUVD-2025-38272
A Broken Object Level Authorization BOLA vulnerability was discovered in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...
CVE-2025-63783
A Broken Object Level Authorization BOLA vulnerability was discovered in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...
CVE-2025-63783
Onlook web application 0.2.32 contains a Broken Object Level Authorization (BOLA) in tRPC mutation APIs (update, delete, add/remove tag). The API fails to verify the requester’s ownership/membership for the target project ID, enabling an authenticated attacker to modify, delete, or manipulate tag...
EUVD-2024-54316
Malicious code in bioql PyPI...
EUVD-2024-54317
Malicious code in bioql PyPI...
EUVD-2024-54487
Malicious code in bioql PyPI...
Exploit for CVE-2025-53640
CVE-2025-53640 – Authenticated User Enumeration in CERN's Indi...
CVE-2024-12305
An object-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows unauthorized access to student grades. A malicious student user can view grades of other students by manipulating the studentid parameter in the marks viewing endpoint. The...
CVE-2023-41058
Parse Server is an open source backend server. In affected versions the Parse Cloud trigger beforeFind is not invoked in certain conditions of Parse.Query. This can pose a vulnerability for deployments where the beforeFind trigger is used as a security layer to modify the incoming query. The...
CVE-2023-51649
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level extras.runjob permission is checked i.e., does the user have...
Unsolved Challenge: Why API Access Control Vulnerabilities Remain a Major Security Risk
Despite advancements in API security, access control vulnerabilities, such as broken object-level authentication BOLA and broken function-level authentication BFLA, remain almost impossible to detect. This blog will explore why these vulnerabilities are so difficult to detect, the limitations of...
CVE-2024-55070
A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions...
CVE-2024-55073
A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...
CVE-2024-55070
A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions...
CVE-2024-55073
A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...
CVE-2024-55072
A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...
CVE-2024-55073
A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...