Lucene search

6 matches found

ATTACKERKB
added 2026/04/24 12:0 a.m. | 0 views

CVE-2025-67259

A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low-privileged "student" user can access unauthorized course-level information by modifying intercepted API requests. Changing a captured POST request to a GET request against the /rest/v1/course PostgREST...

AI score: 5.2 | EPSS: 0.00036
Exploits: 0 | References: 3

OSV
added 2025/11/25 7:15 p.m. | 3 views

CVE-2025-64067

Primakon Pi Portal 1.0.18 API endpoints responsible for retrieving object-specific or filtered data (e.g., user profiles, project records) fail to implement sufficient server-side validation to confirm that the requesting user is authorized to access the requested object or dataset. This...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.00038
Exploits: 0 | References: 2

OSV
added 2023/07/18 6:15 p.m. | 1 view

CVE-2023-38257

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords...

CVSS: 7.5 | AI score: 5.8
Exploits: 0 | References: 1

OSV
added 2023/01/10 9:15 p.m. | 1 view

CVE-2022-45167

An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to access the profile information of all connected users...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.002
Exploits: 0 | References: 2

CNNVD
added 2023/01/10 12:0 a.m. | 1 view

ARCHIBUS Web Central Security Vulnerability

ARCHIBUS Web Central is a web-based web management center for ARCHIBUS that organizes facility and infrastructure management tasks in an intuitive web browser interface. All infrastructure data is stored in a centralized repository so that authorized users from anywhere in the world can enter, ed...

CVSS: 4.3 | AI score: 5.1 | EPSS: 0.002
Exploits: 0 | References: 2

BDU FSTEC
added 2018/08/21 12:0 a.m. | 0 views

A vulnerability in the firmware of the 4G LTE Light Industrial M2M Router (NWL-25) is related to insufficient protection of configuration data, allowing attackers to gain unauthorized access to protected data.

The vulnerability in the firmware of the 4G LTE Light Industrial M2M Router NWL-25 is related to insufficient protection of configuration data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to configuration files and profiles...

CVSS: 7.8 | AI score: 5.5 | EPSS: 0.00282
Exploits: 0 | References: 3 | Affected Software: 1