14 matches found
CVE-2026-45776
Open XDMoD (Open XDMoD) versions prior to 11.0.3 are affected when the optional Job Performance (SUPReMM) module is installed. A flaw in access control allows a crafted HTTPS POST to set a session variable used for authorization, enabling an attacker to view other users’ compute job efficiency me...
CVE-2026-33304 OpenEMR has Authorization Bypass in Dated Reminders Log
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the dated reminders log allows any authenticated non-admin user to view reminder messages belonging to other users, including associated patient...
CVE-2023-36331
Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId...
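Added example, not code from xmall, Open XDMoD or any other project in this list: the horizontal authorization (IDOR) pattern the entries above describe, as vulnerable handlers beside hardened ones. It covers the collection-endpoint shape from the xmall entry (orders selected by a client-supplied userId), the single-resource shape (an object addressed by its own id, checked for ownership after loading), and a session-write shape resembling what the Open XDMoD entry hints at (a POST that stores a value later used for authorization); the exact XDMoD mechanism is not on this page. Endpoint, parameter and field names and the order data are constructed for illustration.

```python
"""Horizontal authorization (IDOR) patterns: vulnerable and fixed handlers.

Constructed illustration; names, parameters and data are not from any real product.
"""

# Constructed sample data: orders owned by two different users.
ORDERS = {
    "ord-1001": {"owner": "alice", "total": "42.00"},
    "ord-1002": {"owner": "bob", "total": "99.50"},
    "ord-1003": {"owner": "alice", "total": "7.25"},
}


class Forbidden(Exception):
    """Raised when the caller may not see the requested resource."""


def list_orders_vulnerable(session: dict, query: dict) -> list:
    """Collection endpoint keyed by a client-supplied userId (the xmall shape).

    The query parameter decides whose orders are returned and is never compared
    with the logged-in identity, so any authenticated user can enumerate other
    users' orders by changing userId."""
    target = query.get("userId", session["user_id"])
    return sorted(oid for oid, o in ORDERS.items() if o["owner"] == target)


def list_orders_fixed(session: dict, query: dict) -> list:
    """Ownership comes only from the authenticated session; a userId in the query
    is ignored (rejecting the request when it is present is a stricter option)."""
    target = session["user_id"]
    return sorted(oid for oid, o in ORDERS.items() if o["owner"] == target)


def show_order_fixed(session: dict, order_id: str) -> dict:
    """Single-resource endpoint addressed by the resource's own id.

    Load the object, then compare its owner with the session before returning it.
    A missing and a foreign order produce the same error so the response does not
    reveal which ids exist."""
    order = ORDERS.get(order_id)
    if order is None or order["owner"] != session["user_id"]:
        raise Forbidden(order_id)
    return order


# Constructed allowlist: the only POST fields a preferences handler may store.
SESSION_WRITABLE = {"page_size", "sort"}


def apply_post_vulnerable(session: dict, form: dict) -> dict:
    """Every POST field is copied into the session, including an identity field
    that later authorization decisions read back."""
    session.update(form)
    return session


def apply_post_fixed(session: dict, form: dict) -> dict:
    """Only allowlisted preference fields reach the session; identity fields are
    written by the login code alone."""
    for key in form.keys() & SESSION_WRITABLE:
        session[key] = form[key]
    return session


if __name__ == "__main__":
    bob = {"user_id": "bob"}
    print(list_orders_vulnerable(bob, {"userId": "alice"}))  # alice's orders leak
    print(list_orders_fixed(bob, {"userId": "alice"}))       # only bob's orders
    print(apply_post_vulnerable(dict(bob), {"user_id": "alice"}))
    print(apply_post_fixed(dict(bob), {"user_id": "alice", "sort": "date"}))
```

The common thread is that the authorization subject must be derived from the authenticated session on the server, never from a request parameter, and that every object loaded by a client-supplied id needs an ownership (or role) check before it is returned.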
Incorrect Authorization
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient capability checks in the messaging web service. An attacker can view other users' names and online statuses by exploiting this flaw. Remediation Upgrade...
CVE-2024-47053
This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data. Improper Authorization: An authorization flaw exists in Mautic's API Authorization implementation. Any authenticated use...
CVE-2025-0739
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to view other users' subscription information by changing the "SUSCBRIPTIONID" param of the endpoint "/demos/embedai/subscriptions/show/"...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization through the manipulation of the notification ID in the request URL by a logged-in attacker. This issue is due to insufficient authorization checks, enabling attackers to view sensitive mail details belonging to othe...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization through the manipulation of the notification ID in the request URL by a logged-in attacker. This issue is due to insufficient authorization checks, enabling attackers to view sensitive mail details belonging to othe...
VulnCheck KEV: CVE-2024-33939
The Masteriyo LMS Plugin for WordPress is vulnerable to an insecure direct object reference that could allow unauthenticated adversaries to view other users course progress. Versions up to and including 1.7.3 are vulnerable via the REST API...
Nextcloud Security Vulnerability
Nextcloud is an open source suite of self-hosted file synchronization, sharing and communication applications from the Germany-based company Nextcloud. Nextcloud Deck is vulnerable to an access control error in versions prior to 1.2.9, 1.4.5 and 1.5.3. The vulnerability stems from a lack of permission...
Horizontal privilege escalation vulnerability in Liangjing Mall online store shopping system
Liangjing Mall Online Shop Shopping System is a multi-functional online store system suitable for different types of goods, highly flexible, with three-tier distribution and PC + mobile + micro-site support. There is a horizontal privilege escalation vulnerability in LiangJing Mall Online Shop Shopping...
ilbo App vulnerable to authentication bypass
Overview ilbo App provided by EXTRUN Ltd. contains an authentication bypass vulnerability (CWE-287). Impact A user who can log in to ilbo App may view the images recorded by another user's ilbo device. Solution Update the Application Update to the latest version according to the...
CVE-2018-15405
A vulnerability in the web interface for specific feature sets of Cisco Integrated Management Controller IMC Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to an authorization check that does not properly...
libgig Denial of Service Vulnerability
libgig is a C++ library for loading, modifying and creating Gigasampler and DLS files. A denial of service vulnerability exists in the 'gig::DimensionRegion::CreateVelocityTable' function of the gig.cpp file in libgig version 4.0.0. A remote attacker can exploit this vulnerability to cause a deni...