543 matches found
Access Control Bypass
Overview: rdiffweb is a web interface to rdiff-backup repositories. Affected versions of this package are vulnerable to Access Control Bypass via the API authentication process. An attacker can gain unauthorized access to other users' data and perform actions on their behalf by using any valid ...
CVE-2025-67796
IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authenticated subject and the targeted user/tenant, so crafted requests can read or modify other users...
EUVD-2025-209635
IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authenticated subject and the targeted user/tenant, so crafted requests can read or modify other users...
Rdiffweb Access Control Error Vulnerability
Rdiffweb is a web application personally developed by Patrik Dufresne from the United States. It allows for quick access to your files through an efficient web interface. Versions of Rdiffweb prior to 2.10.5 contained a security vulnerability related to access control. This vulnerability stemmed...
CVE-2025-67796
IKUS Rdiffweb is affected by an improper authorization vulnerability (CVE-2025-67796) in versions prior to 2.10.6. The API fails to bind the authenticated subject to the targeted user/tenant, allowing a valid or stolen token to read or modify other users’ data and potentially perform privileged a...
CVE-2025-67796
IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authenticated subject and the targeted user/tenant, so crafted requests can read or modify other users...
EUVD-2007-2739
Malware in sbrugna...
EUVD-2022-0266
Malicious code in bioql PyPI...
EUVD-2022-0261
Malicious code in bioql PyPI...
EUVD-2022-0229
Malicious code in bioql PyPI...
EUVD-2022-0234
Malicious code in bioql PyPI...
EUVD-2022-0245
Malicious code in bioql PyPI...
EUVD-2022-0240
Malicious code in bioql PyPI...
EUVD-2022-0244
Malicious code in bioql PyPI...
EUVD-2022-0236
Malicious code in bioql PyPI...
EUVD-2022-0265
Malicious code in bioql PyPI...
EUVD-2022-0247
Malicious code in bioql PyPI...
EUVD-2022-0239
Malicious code in bioql PyPI...
EUVD-2022-0255
Malicious code in bioql PyPI...
EUVD-2022-0259
Malicious code in bioql PyPI...