CVE-2026-28685 Kimai: API invoice endpoint missing customer-level access control (IDOR)
Kimai is a web-based multi-user time-tracking application. Prior to version 2.51.0, "GET /api/invoices/{id}" only checks the role-based view_invoice permission but does not verify that the requesting user has access to the invoice's customer. Any user with ROLE_TEAMLEAD, which grants view_invoice, can read a...
CVE-2025-65899
Kalmia CMS version 0.2.0 contains a user enumeration vulnerability in its authentication mechanism. The application returns different error messages for invalid users (usernotfound) versus valid users with incorrect passwords (invalidpassword). This observable response discrepancy allows...
PT-2025-49144
Name of the Vulnerable Software and Affected Versions: Kalmia CMS version 0.2.0. Description: The application exhibits a user enumeration issue in its authentication process. Different error messages are returned depending on whether a user exists or not, or if the password is incorrect. Specificall...
EUVD-2019-14263
Malware in sbrugna...
CVE-2024-31033
JJWT aka Java JWT through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey method within the DefaultJwtParser class and the signWith method within the DefaultJwtBuilder class. NOTE: the vendor disputes thi...
CVE-2023-31286
An issue was discovered in Serenity Serene and StartSharp before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist...
CVE-2025-0049
CVE-2025-0049 affects Fortra GoAnywhere before version 7.8.0. The vulnerability stems from an error message returned when a web user without Create permission on subfolders uploads a file to a non-existent directory; the message may expose the absolute server path, which could enable fuzzing for ...
CVE-2025-46655
CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage, such as AWS S3. NOTE: it can be considered a user error if AWS is employed for hosting untrusted...
CVE-2025-46655
CVE-2025-46655 affects CodiMD up to version 2.5.4. The issue is a bypass of the CSP-based XSS protection for SVG uploads when using cross-origin file storage (e.g., AWS S3) in configurations where the architecture cannot insert Content-Security-Policy headers. This can allow XSS in certain storag...
CVE-2024-56495
IBM EntireX 11.1 contains an information-disclosure vulnerability: a local user can obtain sensitive data by triggering a detailed technical error message. The issue is documented under CVE-2024-56495 with a CVSS v3.1 base score of 3.3 (LOW) and an attack vector of LOCAL. The IBM Security Bulleti...
MGASA-2023-0332 Updated roundcubemail packages fix XSS security vulnerabilities
Updated roundcubemail package fixes security vulnerabilities: Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download (CVE-2023-47272). Fix cross-site scripting (XSS) vulnerability in handling of SVG in HTML messages (CVE-2023-5631). Some...
"Error: Not a privileged user" after Citrix Gateway authentication passed
After users enter their username and password on the NetScaler Gateway login page, the URL redirects to the StoreFront (SF) URL. However, the application list fails to display, and an error message stating "Error: Not a privileged user" appears...
CVE-2023-34110 Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error
Flask-AppBuilder is an application development framework built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges could, by adding a special character on the add/edit User forms, trigger a database error; this error is surfaced back to this actor on t...
Cannot complete request when accessing HTTPS Storefront URL
When users access the storefront webpage they get an error saying "cannot complete request" on the detect workspace app / receiver web page...
Upgraded Q -> H from #694 [1675343512989]
Judge has assessed an item in Issue 694 as H risk. The relevant finding follows: there is no check that duration of the Minipool is less than 365 days and if user by mistake set very high value for duration and fails to run node properly user would lose very large number of his GGP collaterals...
2022 Cybersecurity Predictions from Lookout: Work From Anywhere Ends On-Premises Security
Lookout, an endpoint-to-cloud cyber security company, has put together its cyber security predictions for 2022. 1 — Cloud connectivity and cloud-to-cloud connectivity will amplify supply-chain breaches. One area organizations need to continue to monitor in 2022 is the software supply chain. We...
_addTostakepadding() will return 0 for users who already had a stakepadding but would like to add on top of their previous stake with 'newStakePadding' on lines 186-190 (AbstractRewardMine.sol)
Handle: 0xwags. Vulnerability details: Impact: The handleStakePadding function handles the calculations for users without a prior stake padding and the ones who already had a stakepadding but want to add to their existing stakepadding. The condition within 'newStakePadding' will return false for user...
Key transfer will destroy key if from==to
Handle: kenzo. Vulnerability details: If calling transferFrom with from == recipient, the key will get destroyed, meaning the key will be set as expired and the owner's key set to 0. Impact: A key manager or approved might accidentally destroy a user's token. Note: this requires user error and so I'm n...