Lucene search

13 matches found

Vulnrichment
added 2026/01/27 11:20 p.m., 2 views

CVE-2025-67645 OpenEMR Vulnerable to Broken Access Control in Profile Edit Endpoint

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a broken access control in the Profile Edit endpoint. An authenticated normal user can modify the request parameters pubpid / pid to reference another user’s recor...

CVSS 8.8, AI score 5.9, EPSS 0.00057
Exploits: 1, References: 2
NVD
added 2026/01/13 8:16 p.m., 1 views

CVE-2026-22814

@adonisjs/lucid is an SQL ORM for AdonisJS built on top of Knex. Prior to 21.8.2 and 22.0.0-next.6, there is a Mass Assignment vulnerability in AdonisJS Lucid which may allow a remote attacker who can influence data that is passed into Lucid model assignments to overwrite the internal ORM state...

CVSS 8.2, EPSS 0.00037
Exploits: 0, References: 1
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2014-6177

Malware in sbrugna...

CVSS 6.4, AI score 6.3, EPSS 0.0035
Exploits: 0, References: 6
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2004-1974

Malware in sbrugna...

CVSS 5, AI score 6.4, EPSS 0.0064
Exploits: 1, References: 7
Github Security Blog
added 2025/09/26 3:30 p.m., 3 views

Duplicate Advisory: SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-7vm2-j586-vcvc. This link is maintained to preserve external references. Original Description: A flaw was found in the live query subscription mechanism of the database engine. This vulnerability allows record or...

CVSS 5.7, AI score 6.6, EPSS 0.00049
Exploits: 0, References: 9, Affected Software: 1
NVD
added 2025/09/26 1:15 p.m., 1 views

CVE-2025-11060

A flaw was found in the live query subscription mechanism of the database engine. This vulnerability allows record or guest users to observe unauthorized records within the same table, bypassing access controls, via crafted LIVE SELECT subscriptions when other users alter or delete records...

CVSS 5.7, EPSS 0.00049
Exploits: 0, References: 7
RedhatCVE
added 2025/05/23 8:10 a.m., 5 views

CVE-2024-27095

Decidim is a participatory democracy framework. The admin panel is subject to a potential XSS attack if the attacker manages to modify some records being uploaded to the server. This vulnerability is fixed in 0.27.6 and 0.28.1...

CVSS 5.4, AI score 5.8, EPSS 0.0028
Exploits: 0, References: 1
Cvelist
added 2024/03/25 6:47 p.m., 17 views

CVE-2024-28107 phpMyFAQ SQL injections at insertentry & saveentry

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the insertentry & saveentry when modifying records due to improper escaping of the email address. This allows any authenticated user with the...

CVSS 8.8, AI score 9.1, EPSS 0.00537
Exploits: 1, References: 2
CVE
added 2023/11/06 6:26 p.m., 50 views

CVE-2023-39345

CVE-2023-39345 affects the Strapi open‑source CMS. According to the sources, versions prior to 4.13.1 did not properly restrict write access to fields marked as private in the user registration endpoint, allowing a malicious user to modify their own records. The issue is addressed in version 4.13...

CVSS 7.6, AI score 7.3, EPSS 0.00079
Exploits: 1, References: 1, Affected Software: 1
Tenable Nessus
added 2020/09/28 12:0 a.m., 57 views

EulerOS 2.0 SP3 : samba (EulerOS-SA-2020-2110)

According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way...

CVSS 8.1, AI score 6.8, EPSS 0.26364
Exploits: 1, References: 12
Debian CVE
added 2019/02/04 7:0 p.m., 25 views

CVE-2019-7347

A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a nonexistent user to access and modify records add/delete Monitors, Users, etc...

CVSS 7.5, AI score 4.8, EPSS 0.00553
Exploits: 1
NVD
added 2004/05/03 4:0 a.m., 13 views

CVE-2004-1982

Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify records in the board's .txt file via carriage return characters in the subject field...

CVSS 5, AI score 6.6, EPSS 0.0064
Exploits: 1, References: 5
Cvelist
added 2003/04/02 5:0 a.m., 11 views

CVE-2001-1369

Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password fields...

AI score 8.4, EPSS 0.00515
Exploits: 0, References: 3