5 matches found
CVE-2026-50026 Frappe: Lack of permissions checks in 'relink' and 'set_email_password' endpoints
Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, a lack of permission checks in these endpoints allowed unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0...
Decidim security vulnerability
Decidim is an open-source participatory democracy framework developed using Ruby on Rails. Versions of Decidim from 0.0.1 to 0.30.5 and 0.31.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of permission checks for the commentable fields in the API, which could...
EUVD-2026-11292
Frappe is a full-stack web application framework. Prior to 14.100.2, 15.101.0, and 16.10.0, due to a lack of validation and improper permission checks, users could modify other users' private workspaces. Specially crafted requests could lead to stored XSS here. This vulnerability is fixed in...
CVE-2025-10184 OnePlus OxygenOS Telephony provider permission bypass
The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to sensitive information...
PT-2024-30349 · Unknown · Masteriyo - Lms
Name of the Vulnerable Software and Affected Versions: Masteriyo - LMS versions 1.11.4 and earlier. Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For Masteriyo - LMS versions 1.11....