Movary 安全漏洞

Movary is a film review program developed by Lee Peuker personally. Versions of Movary prior to 0.71.1 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the routing definitions for the user management endpoint/settings/users did not enforce the use of only...

PT-2025-49835

A vulnerability has been identified in Gridscale X Prepay All versions V4.2.1. The affected application is vulnerable to capture-replay of authentication tokens. This could allow an authenticated but already locked-out user to establish still valid user sessions...

EUVD-2025-37019

ABC Fine Wine & Spirits Android App version v.11.27.5 and before package name com.cta.abcfinewineandspirits, developed by ABC Liquors, Inc., contains an improper access control vulnerability in its login mechanism. The application does not properly validate user passwords during authentication,...

CVE-2024-37763

MachForm up to version 19 is affected by an unauthenticated stored cross-site scripting which affects users with valid sessions whom can view compiled forms results...

CVE-2022-30935

An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the attacker to get valid sessions for arbitrary users, and optionally reset their password. Tested and confirmed...

Strapi 授权问题漏洞

Strapi is an open source headless content management system CMS. A security vulnerability exists in Strapi version 3.6.0 and prior versions that allows an attacker who gains valid session access to take over an account by changing the password...

CVE-2007-2170

The APPLSYS.FNDDMNODES package in Oracle E-Business Suite does not check for valid sessions, which allows remote attackers to delete arbitrary nodes. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126,...