10 matches found
CVE-2025-71242
SPIP exposes an Authorization Bypass in private content disclosure for versions prior to 4.3.6, including 4.2.17 and 4.1.20. The flaw occurs when SPIP displays article and rubrique content in AJAX-loaded fragments without proper authorization checks, enabling an authenticated attacker to access r...
SPIP Security Vulnerability
SPIP is an open-source software developed by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.8 contained security vulnerabilities. These vulnerabilities stemmed from improper sandboxing or escaping of iframe content in private areas, which could lead to cross-site scripting...
EUVD-2025-1801
Malicious code in bioql PyPI...
PT-2025-18177 · Bookgy · Bookgy
Name of the Vulnerable Software and Affected Versions: Bookgy (affected versions not specified). Description: The issue is related to a lack of proper authorization control in multiple areas of the Bookgy application. This deficiency could allow a malicious actor, without authentication, to reach...
Bookgy Security Vulnerability
Bookgy is an online reservation management and booking system for all types of small and medium-sized businesses from Bookgy, Inc. A security vulnerability exists in Bookgy that stems from insufficient authorization controls and could lead to unauthenticated users accessing private areas...
CVE-2025-0637
It has been found that the Beta10 software does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to access private areas and/or areas intended for other roles. The vulnerability has been...
CVE-2025-0637 Inadequate access control in Beta10
It has been found that the Beta10 software does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to access private areas and/or areas intended for other roles. The vulnerability has been...
CVE-2025-0637
CVE-2025-0637 describes an inadequate authorization control in Beta10, allowing unauthenticated actors to access private or restricted areas via the /app/tools.html endpoint. The issue is concrete: missing authorization checks in Beta10 software (no specifics on affected versions in the initial d...
PT-2025-3992 · Beta10 · Beta10
Name of the Vulnerable Software and Affected Versions: Beta10 software (affected versions not specified). Description: The Beta10 software does not provide proper authorization control in multiple areas of the application, allowing a malicious actor to access private areas and/or areas intended for...
GHSA-G53G-Q539-93CV Server-Side Request Forgery in scout-browser
PyPI package scout-browser GitHub repository clinical-genomics/scout prior to v4.52 is vulnerable to server-side request forgery. An attacker could make the application perform arbitrary requests to steal cookies, request access to private areas, or lead to cross-site scripting...