
20 matches found

Snyk
added 2026/05/06 9:59 p.m. · 6 views

Authorization Bypass Through User-Controlled Key

Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the GET /api/v1/stable/dags/tasks endpoint via improper tenant checks in the listTasksByDAGIds function. An attacker can access sensitive task metadata belonging to other tenants by...

CVSS 6.5 · AI score 5.8 · EPSS 0.00181
Exploits: 0 · References: 2
EUVD
added 2026/03/05 9:30 p.m. · 5 views

EUVD-2025-208325

OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain access to arbitrary SMS messages via a crafted company or tenant identifier parameter...

AI score 6 · EPSS 0.00261
Exploits: 0 · References: 2
Positive Technologies
added 2026/03/05 12:0 a.m. · 3 views

PT-2026-23502

Name of the Vulnerable Software and Affected Versions: OpenCode Systems OC Messaging / USSD Gateway version 6.32.2 Description: The software contains a flaw in access control within the web-based control panel. An authenticated attacker with limited privileges can access arbitrary SMS messages by...

CVSS 8.1 · AI score 5.9 · EPSS 0.00261
Exploits: 0 · References: 6
RedhatCVE
added 2025/11/13 6:0 p.m. · 7 views

CVE-2025-25236

Omnissa Workspace ONE UEM contains an observable response discrepancy vulnerability. A malicious actor may be able to enumerate sensitive information such as tenant ID and user accounts that could facilitate brute-force, password-spraying or credential-stuffing attacks...

CVSS 5.3 · AI score 6.6 · EPSS 0.00213
Exploits: 0 · References: 1
CVE
added 2025/11/12 5:41 p.m. · 14 views

CVE-2025-25236

Omnissa Workspace ONE UEM (affected families: 24.2.x before 24.2.0.36, 24.6.x before 24.6.0.44, or 24.10.x before 24.10.0.25) contains an observable response discrepancy vulnerability (CVE-2025-25236). The issue may allow enumeration of sensitive data such as tenant IDs and user accounts, enablin...

CVSS 5.3 · AI score 6.1 · EPSS 0.00213
Exploits: 0 · References: 2
Vulnrichment
added 2025/11/12 5:41 p.m. · 4 views

CVE-2025-25236

Omnissa Workspace ONE UEM contains an observable response discrepancy vulnerability. A malicious actor may be able to enumerate sensitive information such as tenant ID and user accounts that could facilitate brute-force, password-spraying or credential-stuffing attacks...

CVSS 5.3 · AI score 6.1 · EPSS 0.00213
Exploits: 0 · References: 2
Positive Technologies
added 2025/11/12 12:0 a.m. · 4 views

PT-2025-46681

Name of the Vulnerable Software and Affected Versions: Omnissa Workspace ONE UEM affected versions not specified Description: A discrepancy in observable responses exists in Omnissa Workspace ONE UEM. This could allow a malicious actor to enumerate sensitive information, including tenant ID and use...

CVSS 5.3 · AI score 6.2 · EPSS 0.00213
Exploits: 0 · References: 5
CNNVD
added 2025/10/29 12:0 a.m. · 7 views

Inforcer Platform security vulnerability

Inforcer Platform is a multi-tenant management platform from the Dutch company Inforcer. A security vulnerability exists in Inforcer Platform version 2.0.153, which stems from the presence of an insecure direct object reference in the /tenants/id API endpoint, which could lead to a low-privileged...

CVSS 5 · AI score 6.4 · EPSS 0.00178
Exploits: 0 · References: 3
RedhatCVE
added 2025/10/07 2:57 a.m. · 10 views

CVE-2025-11316

A vulnerability was determined in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected by this issue is the function findCategoryPage of the file findCategoryPage.do. Executing manipulation of the argument tenantId can lead to sql injection. The attack can be executed...

CVSS 7.5 · AI score 7.4 · EPSS 0.00452
Exploits: 1 · References: 1
NVD
added 2025/10/06 3:15 a.m. · 5 views

CVE-2025-11316

A vulnerability was determined in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected by this issue is the function findCategoryPage of the file findCategoryPage.do. Executing manipulation of the argument tenantId can lead to sql injection. The attack can be executed...

CVSS 9.8 · EPSS 0.00452
Exploits: 1 · References: 4
CVE
added 2025/10/06 2:32 a.m. · 12 views

CVE-2025-11316

CVE-2025-11316 affects Tipray Data Leakage Prevention System (天锐数据泄露防护系统) version 1.0. The vulnerability is in the function findCategoryPage in the file findCategoryPage.do, where manipulation of the argument tenantId can lead to an SQL injection. The issue is exploitable remotely, and public exp...

CVSS 9.8 · AI score 6.6 · EPSS 0.00452
Exploits: 1 · References: 4 · Affected Software: 1
EUVD
added 2025/10/06 2:32 a.m. · 5 views

EUVD-2025-32484

A vulnerability was determined in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected by this issue is the function findCategoryPage of the file findCategoryPage.do. Executing manipulation of the argument tenantId can lead to sql injection. The attack can be executed...

CVSS 7.5 · AI score 6.5 · EPSS 0.00452
Exploits: 1 · References: 5
Vulnrichment
added 2025/10/06 2:32 a.m. · 5 views

CVE-2025-11316 Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findCategoryPage.do findCategoryPage sql injection

A vulnerability was determined in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected by this issue is the function findCategoryPage of the file findCategoryPage.do. Executing manipulation of the argument tenantId can lead to sql injection. The attack can be executed...

CVSS 7.5 · AI score 6.6 · EPSS 0.00452
Exploits: 1 · References: 4
RedhatCVE
added 2025/05/23 6:9 a.m. · 4 views

CVE-2023-25330

A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID value. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoi...

CVSS 9.8 · AI score 8.7 · EPSS 0.0121
Exploits: 1 · References: 1
CNNVD
added 2024/04/12 12:0 a.m. · 2 views

Campcodes House Rental Management System SQL injection vulnerability

Campcodes House Rental Management System is a house rental management system from Campcodes, Inc. A SQL injection vulnerability exists in version 1.0 of the Campcodes House Rental Management System, which is caused by an SQL injection in the id parameter of the managetenant.php file...

CVSS 8.8 · AI score 7 · EPSS 0.00676
Exploits: 1 · References: 5
OSV
added 2023/12/29 11:6 a.m. · 4 views

OESA-2023-1998 mybatis security update

The MyBatis data mapper framework makes it easier to use a relational database with object-oriented applications. MyBatis couples objects with stored procedures or SQL statements using an XML descriptor or annotations. Simplicity is the biggest advantage of the MyBatis data mapper over object...

CVSS 9.8 · AI score 8.5 · EPSS 0.0121
Exploits: 1 · References: 2
OSV
added 2023/12/29 11:6 a.m. · 9 views

OESA-2023-1996 mybatis security update

The MyBatis data mapper framework makes it easier to use a relational database with object-oriented applications. MyBatis couples objects with stored procedures or SQL statements using an XML descriptor or annotations. Simplicity is the biggest advantage of the MyBatis data mapper over object...

CVSS 9.8 · AI score 8.5 · EPSS 0.0121
Exploits: 1 · References: 2
Positive Technologies
added 2023/04/05 12:0 a.m. · 4 views

PT-2023-20027 · Unknown · Mybatis Plus

Name of the Vulnerable Software and Affected Versions: Mybatis plus versions prior to 3.5.3.1 Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the tenant ID value. This can occur in misconfigured applications. The documentation provides guidance on...

CVSS 9.8 · AI score 9.1 · EPSS 0.0121
Exploits: 1 · References: 6
SUSE CVE
added 2023/02/15 5:34 a.m. · 3 views

SUSE CVE-2013-6419

Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by 1...

CVSS 5 · AI score 6.4 · EPSS 0.01837
Exploits: 1 · References: 3
OSV
added 2014/04/01 12:0 a.m. · 0 views

UBUNTU-CVE-2014-0056

The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command...

CVSS 2.1 · AI score 5.9 · EPSS 0.01433
Exploits: 0 · References: 3