Lucene search

13 matches found

NVD
added 2026/05/11 10:22 p.m. | 11 views

CVE-2026-43890

Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.7.0, the subscriptions.create API endpoint in server/routes/api/subscriptions/subscriptions.ts exhibits a broken authorization pattern. When both collectionId and documentId are supplied in the request, the route...

7.7 CVSS | 0.00205 EPSS
Exploits 0 | References 1
ATTACKERKB
added 2026/05/11 9:9 p.m. | 4 views

CVE-2026-43890

Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.7.0, the subscriptions.create API endpoint in server/routes/api/subscriptions/subscriptions.ts exhibits a broken authorization pattern. When both collectionId and documentId are supplied in the request, the route...

7.7 CVSS | 5.8 AI score | 0.00205 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2026/05/11 9:9 p.m. | 33 views

CVE-2026-43890 Outline: IDOR in subscriptions.create allows cross-tenant subscription on private documents (sibling of GHSA-23jj-rp48-w7q7)

Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.7.0, the subscriptions.create API endpoint in server/routes/api/subscriptions/subscriptions.ts exhibits a broken authorization pattern. When both collectionId and documentId are supplied in the request, the route...

7.7 CVSS | 0.00205 EPSS
Exploits 0 | References 1
CNNVD
added 2026/05/11 12:0 a.m. | 4 views

Outline Security Vulnerability

Outline is an open-source knowledge base developed by Outline. Versions 0.84.0 to 1.7.0 of Outline contain security vulnerabilities. These vulnerabilities stem from a corrupted authorization pattern in the subscriptions.create API endpoint. When both collectionId and documentId are provided...

7.7 CVSS | 5.8 AI score | 0.00205 EPSS
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-31564

Malicious code in bioql PyPI...

6.1 CVSS | 6.6 AI score | 0.00216 EPSS
Exploits 0 | References 2
OSV
added 2025/09/29 9:15 a.m. | 1 view

CVE-2025-10342

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'name' at the endpoint '/subscriptions/create'...

6.1 CVSS | 5.8 AI score
Exploits 0 | References 1
NVD
added 2025/09/29 9:15 a.m. | 3 views

CVE-2025-10342

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'name' at the endpoint '/subscriptions/create'...

6.1 CVSS | 0.00216 EPSS
Exploits 0 | References 1
CVE
added 2025/09/29 8:38 a.m. | 13 views

CVE-2025-10342

Affected software: Perfex CRM v3.2.1. Vulnerability: HTML injection via stored input in the name parameter sent to POST /subscriptions/create. Root cause: insufficient validation/sanitization of user-supplied data in that endpoint. Impact: stored HTML injection; public-facing input could lead...

6.1 CVSS | 6.7 AI score | 0.00216 EPSS
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2025/09/29 8:38 a.m. | 4 views

CVE-2025-10342 HTML injection in Perfex CRM

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'name' at the endpoint '/subscriptions/create'...

5.3 CVSS | 6.7 AI score | 0.00216 EPSS
Exploits 0 | References 1
Cvelist
added 2025/09/29 8:38 a.m. | 9 views

CVE-2025-10342 HTML injection in Perfex CRM

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'name' at the endpoint '/subscriptions/create'...

5.3 CVSS | 0.00216 EPSS
Exploits 0 | References 1
CNNVD
added 2025/09/29 12:0 a.m. | 3 views

Perfex CRM Cross-Site Scripting Vulnerability

Perfex CRM is a customer relationship management software from Perfex CRM open source. It is used to manage customers, projects and create invoices in the cloud. A cross-site scripting vulnerability exists in Perfex CRM version 3.2.1, which stems from insufficient validation of user input for the...

6.1 CVSS | 6.1 AI score | 0.00216 EPSS
Exploits 0 | References 1
Positive Technologies
added 2025/09/29 12:0 a.m. | 4 views

PT-2025-39815

Name of the Vulnerable Software and Affected Versions: Perfex CRM version 3.2.1. Description: A stored HTML injection exists due to insufficient validation of user-supplied data. The issue is triggered by sending a POST request to the /subscriptions/create API endpoint with malicious content in the...

6.1 CVSS | 6.8 AI score | 0.00216 EPSS
Exploits 0 | References 5
CVE
added 2025/08/11 6:57 p.m. | 34 views

CVE-2025-54458

Mattermost Confluence Plugin vulnerability CVE-2025-54458: versions = 1.5.0 or apply vendor-provided fix as available.

5 CVSS | 7.1 AI score | 0.00192 EPSS
Exploits 0 | References 1 | Affected Software 1