14 matches found
CVE-2026-10215
A security vulnerability has been detected in Dolibarr ERP CRM up to 23.0.1. Impacted is the function checkUserAccessToObject of the file htdocs/holiday/class/api_holidays.class.php of the component Leave Request REST API. The manipulation leads to improper authorization. The attack may be initiat...
EUVD-2026-33536
A security vulnerability has been detected in Dolibarr ERP CRM up to 23.0.1. Impacted is the function checkUserAccessToObject of the file htdocs/holiday/class/api_holidays.class.php of the component Leave Request REST API. The manipulation leads to improper authorization. The attack may be initiat...
CVE-2026-10215
Dolibarr ERP CRM up to version 23.0.1 is affected by CVE-2026-10215 in the Leave Request REST API component, specifically the file htdocs/holiday/class/api_holidays.class.php, function checkUserAccessToObject. The issue allows improper authorization, potentially enabling remote exploitation. Publ...
Dolibarr has Insufficient Verification of Data Authenticity
A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dol_verifyHash in the library htdocs/core/lib/security.lib.php of the component Online Signature Module. The manipulation results in improper verification of cryptographic signature. The...
GHSA-RVWR-Q5HJ-WQ7G Dolibarr has an Injection issue
A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to SQL injection. The attack is possible to be...
UBUNTU-CVE-2026-7688
A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to SQL injection. The attack is possible to be...
Dolibarr ERP CRM data forgery vulnerability
Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Versions of Dolibarr ERP CRM prior to 23.0.2 contained a data manipulation vulnerability. This vulnerability stemmed from a function in the Online Signature Module’s htdocs/core/lib/security.lib.php...
CVE-2025-67841
Nordic Semiconductor IronSide SE for nRF54H20 before 23.0.2+17 has an Algorithmic complexity issue...
CVE-2025-67841
The CVE-2025-67841 entry applies to Nordic Semiconductor IronSide SE for nRF54H20, affected in versions before 23.0.2+17. The issue is described as an Algorithmic complexity vulnerability. Per the connected data, the vulnerability impacts availability (high) with no confidentiality or integrity i...
Eval Injection
Overview: dolibarr/dolibarr is a modern and easy to use web software to manage your business. Affected versions of this package are vulnerable to Eval Injection via the dol_eval_standard function. An attacker can execute arbitrary commands by injecting malicious payloads through computed extrafields...
CVE-2026-22666
Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code execution vulnerability in the dol_eval_standard function that fails to apply forbidden string checks in whitelist mode and does not detect PHP dynamic callable syntax. Attackers with administrator privileges can inject...
IBM Automation Decision Services security vulnerability
IBM Automation Decision Services is a business automation software from International Business Machines (IBM) that models and manages business decisions through an easy-to-use, low-code user interface. A security vulnerability exists in IBM Automation Decision Services version 23.0.2 that stems fro...
PT-2025-2404 · Ibm · Ibm Automation Decision Services
Name of the Vulnerable Software and Affected Versions: IBM Automation Decision Services version 23.0.2 Description: The issue is related to the disclosure of information through browser caching. This can allow an attacker to gain unauthorized access to protected information. The problem arises...
PT-2021-5520 · Adobe · Photoshop
Name of the Vulnerable Software and Affected Versions: Adobe Photoshop versions 23.0.2 and 22.5.4 and earlier Description: The issue is related to an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue...