36 matches found
CVE-2026-38587
CVE-2026-38587 is an Insecure Direct Object Reference (IDOR) impacting ONLYOFFICE DocSpace prior to 3.2.1. The flaw exists across multiple REST API endpoints and allows authenticated users with low-level permissions (User or Guest) to retrieve sensitive information such as the Owner’s ID and prof...
PT-2026-43264
An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions (User or Guest) to retrieve sensitive information, such as the Owner's unique...
EUVD-2020-5422
Malware in sbrugna...
GHSA-RM8P-CX58-HCVX
creationtimestamp | type | source
---|---|---
2025-07-24 12:00:52+00:00 | seen | https://bsky.app/profile/lambdawatchdog.bsky.social/post/3lupidus46d2k
2025-07-25 12:00:52+00:00 | seen | https://bsky.app/profile/lambdawatchdog.bsky.social/post/3luryssiohm2k...
CVE-2025-4694
creationtimestamp | type | source
---|---|---
2025-07-06 01:11:09+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3ltb3njyq5y2l...
CVE-2024-6175
The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the multiple functions called via AJAX like savefieldssettings, bupdeleteuseravatar, bupcropavataruserprofileimage, and more in a...
CVE-2023-38257
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords...
CVE-2020-26175
In tangro Business Workflow before 1.18.1, an attacker can manipulate the value of PERSON in requests to /api/profile in order to change profile information of other users...
PT-2025-22350 · Unknown · Konsola Proget
Name of the Vulnerable Software and Affected Versions: Konsola Proget versions prior to 2.17.5
Description: A low-privileged user can access information about profiles created in Proget MDM, which contain details about allowed/prohibited functions. The profiles do not reveal any sensitive...
CVE-2025-3022
creationtimestamp | type | source
---|---|---
2025-03-31 11:31:37+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/9630
2025-03-31 12:40:24+00:00 | seen | https://bsky.app/profile/cyberalerts.bsky.social/post/3lloewosakd2n
2025-03-31 15:00:46+00:00 | seen | https://t.me/cvedetector/21579
2025-08-10...
CVE-2025-2052
creationtimestamp | type | source
---|---|---
2025-03-07 01:55:16+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3ljqvowzzrh2r
2025-03-07 04:03:59+00:00 | seen | https://t.me/cvedetector/19775
2025-03-07 17:35:36+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/6...
PT-2025-7637 · Unknown · Application
Name of the Vulnerable Software and Affected Versions: Application (affected versions not specified)
Description: The issue concerns the lack of authorization checks for the Host parameter, allowing unauthorized access to view profile information of other users. An attacker can exploit this by...
CERTFR-2020-ALE-012
creationtimestamp | type | source
---|---|---
2025-01-29 16:33:44+00:00 | seen | https://bsky.app/profile/tuxpanik.bsky.social/post/3lgvfjr3pnv2i...
CVE-2024-5916
creationtimestamp | type | source
---|---|---
2024-08-14 16:00:00+00:00 | seen | https://security.paloaltonetworks.com/CVE-2024-5916
2024-08-14 19:54:01+00:00 | seen | https://t.me/cvedetector/3175
2025-04-30 19:03:23+00:00 | seen | https://bsky.app/profile/ripjyr.bsky.social/post/3lo2id54bbl2y...
PT-2024-37434 · WordPress · Booking Ultra Pro Appointments Booking Calendar Plugin
Name of the Vulnerable Software and Affected Versions: The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress versions up to, and including, 1.1.13
Description: The issue allows authenticated attackers with Subscriber-level access and above to modify and delete multiple...
BIT-SILVERSTRIPE-2020-9311
In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs...
CVE-2024-24878
creationtimestamp | type | source
---|---|---
2024-02-08 14:22:04+00:00 | seen | https://t.me/ctinow/181393
2024-03-02 11:11:47+00:00 | seen | https://t.me/ctinow/198320
2025-02-19 21:02:43+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3likodrvkhm2o...
Design/Logic Flaw
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords...