40 matches found
Frappe Learning Management System 安全漏洞
Frappe Learning Management System is an easy-to-use open source learning management system from Frappe Open Source. A security vulnerability exists in Frappe Learning Management System versions prior to 2.41.0, which stems from a flaw in the server-side authorization logic that could result in a...
PT-2025-49307
Name of the Vulnerable Software and Affected Versions Frappe Learning Management System LMS versions prior to 2.41.0 Description A flaw in the server-side authorization logic allowed authenticated users to perform actions beyond their assigned roles across multiple features. The affected endpoint...
EUVD-2025-37759
An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...
CVE-2025-11690 IDOR vulnerability in the CFMOTO RIDE API
An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...
PT-2025-44991
Name of the Vulnerable Software and Affected Versions CFMOTO RIDE affected versions not specified Description An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this...
CVE-2025-63562
Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 suffers from insufficient server-side authorization. Authenticated attackers can call several endpoints and perform create/update/delete actions on resources owned by arbitrary users by manipulating request parameters e.g.,...
CVE-2025-63562
Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 suffers from insufficient server-side authorization. Authenticated attackers can call several endpoints and perform create/update/delete actions on resources owned by arbitrary users by manipulating request parameters e.g.,...
CVE-2025-63562
Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 suffers from insufficient server-side authorization. Authenticated attackers can call several endpoints and perform create/update/delete actions on resources owned by arbitrary users by manipulating request parameters e.g.,...
CVE-2025-63562
The CVE describes a vulnerability in Summer Pearl Group Vacation Rental Management Platform prior to version 1.0.2 where server-side authorization is insufficient. Authenticated attackers can manipulate request parameters (e.g., owner or resource id) to call endpoints and perform create, update, ...
EUVD-2024-29404
Malicious code in bioql PyPI...
CVE-2025-57605
Lack of server-side authorisation on department admin assignment APIs in AiKaan IoT Platform allows authenticated users to elevate their privileges by assigning themselves as admins of other departments. This results in unauthorized privilege escalation across the department...
CVE-2025-57605
Lack of server-side authorisation on department admin assignment APIs in AiKaan IoT Platform allows authenticated users to elevate their privileges by assigning themselves as admins of other departments. This results in unauthorized privilege escalation across the department...
CVE-2025-57605
Lack of server-side authorisation on department admin assignment APIs in AiKaan IoT Platform allows authenticated users to elevate their privileges by assigning themselves as admins of other departments. This results in unauthorized privilege escalation across the department...
CVE-2025-57605
CVE-2025-57605 affects AiKaan IoT Platform: lack of server-side authorization on department admin assignment APIs allows authenticated users to elevate privileges by assigning themselves as admins of other departments, leading to unauthorized privilege escalation across the department. Documented...
AiKaan IoT Platform 安全漏洞
AiKaan IoT Platform is an edge device management platform from AiKaan India. AiKaan IoT Platform has a security vulnerability that stems from a lack of server-side authorization for departmental administrators to assign APIs, which could lead to unauthorized elevation of privileges...
CVE-2024-41979
A vulnerability has been identified in SmartClient modules Opcenter QL Home SC All versions = V13.2 = V13.2 = V13.2 V2506. The affected application does not enforce mandatory authorization on some functionality level at server side. This could allow an authenticated attacker to gain complete acce...
CVE-2024-41979
A vulnerability has been identified in SmartClient modules Opcenter QL Home SC All versions = V13.2 = V13.2 = V13.2 V2506. The affected application does not enforce mandatory authorization on some functionality level at server side. This could allow an authenticated attacker to gain complete acce...
Raptor Technologies Volunteer Management Client-Side Security Controls (FIXED)
Prior to Mar 18, 2023, due to a reliance on client-side controls, authorized users of Raptor Technologies Volunteer Management SaaS products could effectively enumerate authorized users, and could modify restricted and unrestricted fields in the accounts of other users associated with the same...
LinkedIn: Unauthorized User can View Subscribers of Other Users Newsletters
A vulnerability existed in the LinkedIn Voyager platform that allowed unauthorized users to view the subscriber list and details of other users' newsletters by replaying a vulnerable request using the victim's NewsletterId. This was due to missing server-side authorization checks on a specific AP...
CVE-2020-24028
ForLogic Qualiex v1 and v3 allows any authenticated customer to achieve privilege escalation via user creations, password changes, or user permission updates. NOTE: as of 2025-10-14, the Supplier's perspective is that this "does not allow administrative privilege gain. Authorization is enforced...