CVE-2026-32131

ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Management API has been reported, which allowed authenticated users holding a valid low-privilege token e.g., project.read, project.grant.read, or project.app.read to retrieve...

Mail.ru: Cross-organization data access in city-mobil.ru

A legitimate partner's superuser account could have access to information of driver belonging to different partner, including passport and driving license data. Combined Improrer Access + IDOR It was possible to get access to passport, drive license any taxi driver. As well as changed settings...

PT-2018-8827 · Cisco · Cisco Webex Teams

Name of the Vulnerable Software and Affected Versions: Cisco Webex Teams affected versions not specified Description: A vulnerability could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The issue exists because the affected...