CVE-2026-49956
Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to...
PT-2026-47854
Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to...
CVE-2025-69752
The CVE-2025-69752 entry concerns Ideagen Q-Pulse 7.1.0.32. The vulnerability arises in the My Details user profile function, where an authenticated user can view other users’ profile information by altering the objectKey parameter in the My Details page URL. Affected component: the My Details/pr...
CVE-2025-69752
An issue in the "My Details" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profile information by modifying the objectKey HTTP parameter in the My Details page URL...
CVE-2025-67645
OpenEMR (versions prior to 7.0.4) is affected by a broken access control vulnerability in the Profile Edit endpoint. An authenticated normal user can modify request parameters (pubpid/pid) to reference another user’s record, causing changes to another user’s profile data (e.g., name, contact info...