Lucene search
K

40 matches found

CNNVD
CNNVD
added 2025/12/05 12:0 a.m.3 views

Frappe Learning Management System 安全漏洞

Frappe Learning Management System is an easy-to-use open source learning management system from Frappe Open Source. A security vulnerability exists in Frappe Learning Management System versions prior to 2.41.0, which stems from a flaw in the server-side authorization logic that could result in a...

6.5CVSS6.4AI score0.00181EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.5 views

PT-2025-49307

Name of the Vulnerable Software and Affected Versions Frappe Learning Management System LMS versions prior to 2.41.0 Description A flaw in the server-side authorization logic allowed authenticated users to perform actions beyond their assigned roles across multiple features. The affected endpoint...

5.3CVSS6.5AI score0.00181EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/04 10:25 a.m.7 views

EUVD-2025-37759

An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...

8.5CVSS6AI score0.00154EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/04 10:25 a.m.4 views

CVE-2025-11690 IDOR vulnerability in the CFMOTO RIDE API

An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...

8.5CVSS6.1AI score0.00154EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.6 views

PT-2025-44991

Name of the Vulnerable Software and Affected Versions CFMOTO RIDE affected versions not specified Description An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this...

8.5CVSS6.2AI score0.00154EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/11/03 2:47 p.m.6 views

CVE-2025-63562

Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 suffers from insufficient server-side authorization. Authenticated attackers can call several endpoints and perform create/update/delete actions on resources owned by arbitrary users by manipulating request parameters e.g.,...

6.3CVSS7AI score0.00178EPSS
Exploits0References1
NVD
NVD
added 2025/10/31 8:15 p.m.7 views

CVE-2025-63562

Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 suffers from insufficient server-side authorization. Authenticated attackers can call several endpoints and perform create/update/delete actions on resources owned by arbitrary users by manipulating request parameters e.g.,...

6.3CVSS0.00178EPSS
Exploits0References1
OSV
OSV
added 2025/10/31 8:15 p.m.5 views

CVE-2025-63562

Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 suffers from insufficient server-side authorization. Authenticated attackers can call several endpoints and perform create/update/delete actions on resources owned by arbitrary users by manipulating request parameters e.g.,...

6.3CVSS5.9AI score0.00178EPSS
Exploits0References1
CVE
CVE
added 2025/10/31 12:0 a.m.13 views

CVE-2025-63562

The CVE describes a vulnerability in Summer Pearl Group Vacation Rental Management Platform prior to version 1.0.2 where server-side authorization is insufficient. Authenticated attackers can manipulate request parameters (e.g., owner or resource id) to call endpoints and perform create, update, ...

6.3CVSS6.6AI score0.00178EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-29404

Malicious code in bioql PyPI...

7.2CVSS6.6AI score0.00373EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/24 12:28 a.m.11 views

CVE-2025-57605

Lack of server-side authorisation on department admin assignment APIs in AiKaan IoT Platform allows authenticated users to elevate their privileges by assigning themselves as admins of other departments. This results in unauthorized privilege escalation across the department...

8.8CVSS6.7AI score0.00276EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/22 12:0 a.m.2 views

CVE-2025-57605

Lack of server-side authorisation on department admin assignment APIs in AiKaan IoT Platform allows authenticated users to elevate their privileges by assigning themselves as admins of other departments. This results in unauthorized privilege escalation across the department...

6.3AI score0.00276EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/22 12:0 a.m.8 views

CVE-2025-57605

Lack of server-side authorisation on department admin assignment APIs in AiKaan IoT Platform allows authenticated users to elevate their privileges by assigning themselves as admins of other departments. This results in unauthorized privilege escalation across the department...

0.00276EPSS
Exploits0References1
CVE
CVE
added 2025/09/22 12:0 a.m.19 views

CVE-2025-57605

CVE-2025-57605 affects AiKaan IoT Platform: lack of server-side authorization on department admin assignment APIs allows authenticated users to elevate privileges by assigning themselves as admins of other departments, leading to unauthorized privilege escalation across the department. Documented...

8.8CVSS6.3AI score0.00276EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/22 12:0 a.m.5 views

AiKaan IoT Platform 安全漏洞

AiKaan IoT Platform is an edge device management platform from AiKaan India. AiKaan IoT Platform has a security vulnerability that stems from a lack of server-side authorization for departmental administrators to assign APIs, which could lead to unauthorized elevation of privileges...

8.8CVSS6.7AI score0.00276EPSS
Exploits0References2
OSV
OSV
added 2025/08/12 12:15 p.m.4 views

CVE-2024-41979

A vulnerability has been identified in SmartClient modules Opcenter QL Home SC All versions = V13.2 = V13.2 = V13.2 V2506. The affected application does not enforce mandatory authorization on some functionality level at server side. This could allow an authenticated attacker to gain complete acce...

8CVSS5.7AI score0.00159EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/12 11:16 a.m.2 views

CVE-2024-41979

A vulnerability has been identified in SmartClient modules Opcenter QL Home SC All versions = V13.2 = V13.2 = V13.2 V2506. The affected application does not enforce mandatory authorization on some functionality level at server side. This could allow an authenticated attacker to gain complete acce...

7.5CVSS7AI score0.00159EPSS
Exploits0References1
Rapid7 Blog
Rapid7 Blog
added 2023/04/11 1:0 p.m.11 views

Raptor Technologies Volunteer Management Client-Side Security Controls (FIXED)

Prior to Mar 18, 2023, due to a reliance on client-side controls, authorized users of Raptor Technologies Volunteer Management SaaS products could effectively enumerate authorized users, and could modify restricted and unrestricted fields in the accounts of other users associated with the same...

6.1AI score
Exploits0
Hacker One
Hacker One
added 2022/09/29 6:46 a.m.11 views

LinkedIn: Unauthorized User can View Subscribers of Other Users Newsletters

A vulnerability existed in the LinkedIn Voyager platform that allowed unauthorized users to view the subscriber list and details of other users' newsletters by replaying a vulnerable request using the victim's NewsletterId. This was due to missing server-side authorization checks on a specific AP...

6.9AI score
Exploits0
OSV
OSV
added 2020/09/02 5:15 p.m.3 views

CVE-2020-24028

ForLogic Qualiex v1 and v3 allows any authenticated customer to achieve privilege escalation via user creations, password changes, or user permission updates. NOTE: as of 2025-10-14, the Supplier's perspective is that this "does not allow administrative privilege gain. Authorization is enforced...

8.8CVSS7.3AI score0.02278EPSS
Exploits0References3
Rows per page
Query Builder