Lucene search
K

9 matches found

EUVD
EUVD
added 2026/06/29 5:18 p.m.6 views

EUVD-2026-40162

PhotoPrism before 260601-a7d098548 contains a broken access control vulnerability that allows authenticated non-admin users to modify other users' profile information by sending requests to arbitrary user endpoints. Attackers can exploit the missing session-to-user identifier validation in the PU...

5.3CVSS5.9AI score0.0019EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 7:18 p.m.15 views

CVE-2026-55198

Hermes WebUI before 0.51.443 contains an authorization bypass vulnerability in the session export endpoint that allows authenticated users to access sessions from other profiles. The handlesessionexport handler in api/routes.py fails to verify active-profile ownership before serializing session...

7.1CVSS0.00272EPSS
Exploits0References5
CVE
CVE
added 2026/06/17 5:59 p.m.17 views

CVE-2026-55198

Hermes WebUI prior to 0.51.443 contains an authorization bypass in the session export endpoint. The _handle_session_export handler in api/routes.py fails to verify active-profile ownership before serializing session data, allowing authenticated users to exfiltrate transcripts from other profiles ...

7.1CVSS5.3AI score0.00272EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/10 9:2 p.m.11 views

CVE-2026-49956

Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to...

7.1CVSS5.5AI score0.00272EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:17 p.m.13 views

CVE-2026-49956

Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to...

7.1CVSS0.00272EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.13 views

PT-2026-47854

Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to...

7.1CVSS5.5AI score0.00272EPSS
Exploits0References5
CVE
CVE
added 2026/02/12 12:0 a.m.10 views

CVE-2025-69752

CVE-2025-69752 describes an access control issue in Ideagen Q-Pulse 7.1.0.32, where an authenticated user can view other users’ profile information by tampering with the objectKey parameter in the My Details page URL. The affected component is the My Details user profile functionality; the underl...

4.3CVSS5.5AI score0.00162EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/12 12:0 a.m.4 views

CVE-2025-69752

An issue in the "My Details" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profile information by modifying the objectKey HTTP parameter in the My Details page URL...

5.5AI score0.00162EPSS
Exploits0References4
CVE
CVE
added 2026/01/27 11:20 p.m.22 views

CVE-2025-67645

OpenEMR (versions prior to 7.0.4) is affected by a broken access control vulnerability in the Profile Edit endpoint. An authenticated normal user can modify request parameters (pubpid/pid) to reference another user’s record, causing changes to another user’s profile data (e.g., name, contact info...

8.8CVSS5.9AI score0.00333EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder