2 matches found
GHSA-7VFX-4246-JCFH SolidInvoice: IDOR in LiveComponent allows same-company cross-user access to API tokens and notification transport settings
Summary Four authorization bypass vulnerabilities in Symfony LiveComponent actions allow any authenticated user within a company to access, modify, or delete other users' API tokens and notification transport settings. The root cause is that LiveComponent actions accept entity IDs without verifyi...
CVE-2025-55117
CVE-2025-55117 describes a stack-based buffer overflow in BMC Control-M/Agent when formatting an error message while SSL/TLS is configured. Reported impact is remote triggering under specific conditions: Control-M/Agent 9.0.20 with SSL/TLS configured to the non-default use_openssl=n; and Control-...