9 matches found
CVE-2025-62643
The Restaurant Brands International RBI assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages...
CVE-2025-62642
The RBI assistant platform (Restaurant Brands International) through 2025-09-06 exposes an unauthenticated account-creation API labeled “Anyone Can Join This Party,” which does not verify user account creation. This allows a remote, unauthenticated attacker to create user accounts. Connected sour...
EUVD-2025-34921
The Restaurant Brands International RBI assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface...
EUVD-2025-34922
The Restaurant Brands International RBI assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen...
EUVD-2025-31182
Malicious code in bioql PyPI...
CVE-2025-0642
Use of Hard-coded Credentials, Authorization Bypass Through User-Controlled Key vulnerability in PosCube Hardware Software and Consulting Ltd. Co. Assist allows Excavation, Authentication Bypass. This issue affects Assist: through 10.02.2025...
CVE-2024-13150
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Fayton Software and Consulting Services fayton.Pro ERP allows SQL Injection. This issue affects fayton.Pro ERP: through 20250929...
CVE-2024-13150 SQLi in Fayton Software's fayton.pro ERP
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Fayton Software and Consulting Services fayton.Pro ERP allows SQL Injection. This issue affects fayton.Pro ERP: through 20250929...
CVE-2024-12796 Reflected XSS in Holistic IT, Consultancy Coop.'s Workcube ERP
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Holistic IT, Consultancy Coop. Workcube ERP allows Reflected XSS. This issue affects Workcube ERP: from V12 - V14 before Cognitive...