CVE-2026-49192

The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping...

EUVD-2026-34211

The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping...

CVE-2026-49192 Summary Service Insecure Direct Object Reference

The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping...

Ferret: Path Traversal in IO::FS::WRITE allows arbitrary file write when scraping malicious websites

Summary A path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of the machine running Ferret. When an operator scrapes a website that returns filenames containing ../ sequences, and uses those...

phpMyFAQ: Public API endpoints expose emails and invisible questions

Summary Several public API endpoints return email addresses and non‑public records e.g. open questions with isVisible=false. Details OpenQuestionController::list calls Question::getAll with the default showAll=true, returning invisible questions and their emails. Similar exposures exist in...