CVE-2025-24887

OpenCTI is an open-source cyber threat intelligence platform. In versions starting from 6.4.8 to before 6.4.10, the allow/deny lists can be bypassed, allowing a user to change attributes that are intended to be unmodifiable by the user. It is possible to toggle the external flag on/off and change...

CVE-2025-24887

OpenCTI has a CVE-2025-24887 vulnerability affecting versions 6.4.8–6.4.9. The issue lets a user bypass the allow/deny lists to modify attributes meant to be immutable, including toggling the external flag, changing a user’s own token, and editing non-allow-listed attributes such as otp_qr and ot...

CVE-2022-34621

Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference IDOR vulnerability which allows attackers to modify user passwords and other attributes via modification of the userid parameter...

Novell eDirectory Remote Elevation of Privilege Vulnerability

Novell eDirectory is an identity management infrastructure platform that combines identity management architecture and directory services technology from Novell, USA. The platform provides authentication policies, data backup and recovery services, data disaster recovery and other functions. A...