10 matches found
EUVD-2024-38280
Malicious code in bioql PyPI...
Indico may disclose unauthorized user details access via legacy API
Impact A legacy API to retrieve user details could be misused to retrieve profile details of other users without having admin permissions due to a broken access check. Patches You should to update to Indico 3.3.8 as soon as possible. See the docs for instructions on how to update. Workarounds It ...
Dokploy 安全漏洞
Dokploy is an open source software from Dokploy Open Source. A security vulnerability exists in Dokploy versions prior to 0.23.7, which stems from a low-privileged account being able to retrieve other users' details, potentially leading to information disclosure...
Moodle has an IDOR in web service which allows users enrolled in a course to access some details of other users
A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access...
Moodle has an IDOR in messaging web service which allows access to some user details
A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses...
CVE-2025-3645 Moodle: idor in messaging web service allows access to some user details
A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses...
CVE-2025-3645 Moodle: idor in messaging web service allows access to some user details
A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses...
CVE-2025-3640
A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access...
PT-2025-17915
Name of the Vulnerable Software and Affected Versions Moodle affected versions not specified Description A flaw was found in the software, where insufficient capability checks allowed a user enrolled in a course to access certain details of other users they did not have permission to access, such...
PT-2022-16234 · WordPress · Simply Schedule Appointments
Name of the Vulnerable Software and Affected Versions: Simply Schedule Appointments WordPress plugin versions prior to 1.5.7.7 Description: The issue is related to missing authorization in a REST endpoint, allowing unauthenticated users to retrieve WordPress users' details, such as name and email...