34258 matches found
EUVD-2026-24746
An insecure direct object reference IDOR vulnerability in the Fullstep V5 registration process allows authenticated users to access data belonging to other registered users through various vulnerable authenticated resources in the application. The vulnerable endpoints result from:...
EUVD-2026-24748
A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This could lead to unauthorized access to sensitive information and unauthorized changes to the tenant's configuration...
CVE-2018-25269 ICEWARP 11.0.0.0 Cross-Site Scripting via Email HTML Injection
ICEWARP 10.3.4 and 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed tags. Attackers can craft emails containing data URIs with embedded scripts that execute in the...
CVE-2018-25269
CVE-2018-25269 : ICEWARP 11.0.0.0 contains a cross-site scripting vulnerability allowing HTML injection into emails. Attackers can embed base64 payloads in object/embed tags and craft emails with data URIs that execute scripts when viewed, potentially compromising user sessions and leaking sensit...
CVE-2018-25269
ICEWARP 10.3.4 and 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed tags. Attackers can craft emails containing data URIs with embedded scripts that execute in the...
CVE-2026-6355
A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This could lead to unauthorized access to sensitive information and unauthorized changes to the tenant's configuration...
CVE-2026-5750
An insecure direct object reference IDOR vulnerability in the Fullstep V5 registration process allows authenticated users to access data belonging to other registered users through various vulnerable authenticated resources in the application. The vulnerable endpoints result from:...
CVE-2026-5750
An insecure direct object reference IDOR vulnerability in the Fullstep V5 registration process allows authenticated users to access data belonging to other registered users through various vulnerable authenticated resources in the application. The vulnerable endpoints result from:...
CVE-2026-5750 Insecure direct object reference (IDOR) vulnerability in Fullstep
An insecure direct object reference IDOR vulnerability in the Fullstep V5 registration process allows authenticated users to access data belonging to other registered users through various vulnerable authenticated resources in the application. The vulnerable endpoints result from:...
CVE-2026-5750
CVE-2026-5750 describes an IDOR vulnerability in the Fullstep V5 registration flow. Authenticated users can access data belonging to other registered users via vulnerable endpoints, notably “/api/suppliers/v1/suppliers//false” (listing user information) and “/#/supplier-registration/supplier-regi...
CVE-2026-6355 CVE-2026-6355
A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This could lead to unauthorized access to sensitive information and unauthorized changes to the tenant's configuration...
CVE-2026-6355
CVE-2026-6355 describes a vulnerability in a web application where unauthorized users can access and manipulate sensitive data across tenants by exploiting insecure direct object references. The root cause is insecure handling of object identifiers that allows cross-tenant access and configuratio...
CVE-2026-6355
A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This could lead to unauthorized access to sensitive information and unauthorized changes to the tenant's configuration...
CVE-2026-6355 CVE-2026-6355
A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This could lead to unauthorized access to sensitive information and unauthorized changes to the tenant's configuration...
[SECURITY] Fedora 42 Update: python-cbor2-5.6.5-8.fc42
This library provides encoding and decoding for the Concise Binary Object Representation CBOR RFC 7049 serialization format...
OPENSUSE-SU-2026:20612-1 Security update for tomcat10
This update for tomcat10 fixes the following issues: - Update to Tomcat 10.1.54 - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. - CVE-2026-29129: TLS cipher order is not preserved bsc1261852. - CVE-2026-29145: OC...
WordPress Alukas theme < 3.0.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO in WordPress Theme Alukas versions 3.0.0...
WordPress Kapee theme < 1.7.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO in WordPress Theme Kapee versions 1.7.0...
WordPress PressMart theme <= 1.2.26 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO in WordPress Theme PressMart versions = 1.2.26...
WordPress EmallShop theme <= 2.4.21 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO in WordPress Theme EmallShop versions = 2.4.21...