CVE-2026-25606
A SQL injection vulnerability has been identified in STER. Improper neutralization of input provided by user into multiple Search Filters allows for SQL Injection attacks. It allows an authenticated attacker to view sensitive data such as data belonging to other users, or any other data that the...
PT-2026-36909
Name of the Vulnerable Software and Affected Versions: IKUS Rdiffweb versions prior to 2.10.6 Description: An improper authorization flaw exists where the API fails to enforce binding between the authenticated subject and the targeted user or tenant. This allows an attacker possessing any valid or...
CVE-2026-7491
School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify a specific parameter to read and modify other users' data...
CVE-2025-41078 Multiple vulnerabilities in Viafirma products
Weaknesses in the authorization mechanisms of Viafirma Documents v3.7.129 allow an authenticated user without privileges to list and access other user data, use user creation, modification, and deletion features, and escalate privileges by impersonating other users of the application in the...
PT-2025-51371
Name of the Vulnerable Software and Affected Versions: Dokan Pro versions through 4.1.3 Description: The Dokan Pro plugin for WordPress has a flaw that allows unauthorized access to data. This is due to a missing capability check on the /dokan/v1/wholesale/register API endpoint. An unauthenticated...
PT-2025-45003
Name of the Vulnerable Software and Affected Versions: CanalDenuncia.app affected versions not specified Description: A lack of authorization exists in CanalDenuncia.app, potentially allowing an attacker to access other users' information. This is achieved by sending a POST request with the...
CVE-2023-43900
Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters...
PT-2023-23934 · Apple · Apple macOS
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.5 Description: A logic issue was addressed with improved state management, allowing a user to potentially read information belonging to another user. Recommendations: For versions prior to 13.5, update to macOS...
CVE-2021-24198
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper with the parameters to delete the data of another user that are present in the same table through...
HashiCorp Consul Input Validation Error Vulnerability
HashiCorp Consul is a distributed, highly available data center-aware solution. The product is used to connect and provision applications across dynamically distributed infrastructures. An input validation error vulnerability exists in HashiCorp Consul and Consul Enterprise, which stems from the...
CVE-2011-1855
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x allows local users to read or modify (1) log files or (2) other data via unknown vectors...