CVE-2026-35165

CVE-2026-35165 affects LORIS (Longitudinal Online Research and Imaging System). From 21.0.0 up to just before 27.0.3 and 28.0.1, the document_repository frontend enforced access controls while the backend endpoint failed to verify permissions, allowing a user to potentially download a file they s...

CVE-2026-27471

ERP is a free and open source Enterprise Resource Planning tool. In versions up to 15.98.0 and 16.0.0-rc.1 and through 16.6.0, certain endpoints lacked access validation which allowed for unauthorized document access. This issue has been fixed in versions 15.98.1 and 16.6.1...

CVE-2025-24373

woocommerce-pdf-invoices-packing-slips is an extension which allows users to create, print & automatically email PDF invoices & packing slips for WooCommerce orders. This vulnerability allows unauthorized users to access any PDF document from a store if they: 1. Have access to a guest document li...

CVE-2016-6353

Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler...

IBM ENOVIA安全绕过漏洞

BUGTRAQ ID: 31748 CNCAN ID：CNCAN-2008101602 IBM ENOVIA是一款产品数据管理技术。 IBM ENOVIA存在一个未明安全问题，远程攻击者可以利用漏洞绕过安全限制，打开未授权文档。 目前没有详细漏洞细节提供。 IBM ENOVIA V5R18 SP4 IBM ENOVIA 厂商解决方案 可参考如下安全公告获得补丁信息： http://www-01.ibm.com/support/docview.wss?uid=swg27012567...