148 matches found
CVE-2025-41342 Missing Authorization vulnerability in CanalDenuncia.app
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'iduser' in '/backend/api/buscarUsuarioId.php'...
CVE-2025-41342
CVE-2025-41342 involves CanalDenuncia.app with a missing authorization check that allows an attacker to access other users’ data by sending a POST to the endpoint /backend/api/buscarUsuarioId.php using the id_user parameter. This is a direct confidentiality impact (HIGH) described across multiple...
EUVD-2025-37747
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'idtpdenuncia' and 'idsociedad' in '/backend/api/buscarTipoDenunciabyId.php'...
CVE-2025-41113
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'iddenuncia' in '/backend/api/buscarDenunciaByPin.php'...
CVE-2025-41111
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'iddenuncia' in '/backend/api/buscarComentariosByDenuncia.php'...
CVE-2025-41114 Missing Authorization vulnerability in CanalDenuncia.app
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'iddenuncia' and 'iduser' in '/backend/api/buscarDocumentosByIdDenunciaUsuario.php'...
CVE-2025-41112 Missing Authorization vulnerability in CanalDenuncia.app
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros2.php'...
CVE-2025-41112 Missing Authorization vulnerability in CanalDenuncia.app
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros2.php'...
CVE-2025-11690 IDOR vulnerability in the CFMOTO RIDE API
An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...
CanalDenuncia App 安全漏洞
CanalDenuncia App is a reporting channel application from CanalDenuncia Spain. An information disclosure vulnerability exists in CanalDenuncia App due to incorrect authorization validation of parameters iddenuncia and iduser in /backend/api/buscarTestigoByIdDenunciaUsuario.php. An attacker could...
PT-2025-45005
Name of the Vulnerable Software and Affected Versions CanalDenuncia.app affected versions not specified Description A lack of authorization allows an attacker to access other users' information. This is achieved by sending a POST request through the parameters id tp denuncia and id sociedad in th...
CanalDenuncia App 安全漏洞
CanalDenuncia App is a reporting channel application from the Spanish company CanalDenuncia. A security vulnerability exists in CanalDenuncia App, which stems from a lack of authorization checking, which allows an attacker to access other user information by sending a POST request containing the...
EUVD-2025-34158
A vulnerability has been identified in SiPass integrated All versions V3.0. Affected server applications contains a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request. Successful exploitation...
CVE-2025-40773
A vulnerability has been identified in SiPass integrated All versions V3.0. Affected server applications contains a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request. Successful exploitation...
EUVD-2013-7049
Malware in sbrugna...
EUVD-2022-49586
Malicious code in bioql PyPI...
EUVD-2025-27172
Malicious code in bioql PyPI...
EUVD-2025-32013
Malicious code in bioql PyPI...
EUVD-2023-43992
Malicious code in bioql PyPI...
CVE-2025-52389
An Insecure Direct Object Reference IDOR in Envasadora H2O Eireli - Soda Cristal v40.20.4 allows authenticated attackers to access sensitive data for other users via a crafted HTTP request...