40 matches found
EUVD-2023-12746
Malicious code in bioql PyPI...
EUVD-2021-34191
Malicious code in bioql PyPI...
EUVD-2025-12750
Malicious code in bioql PyPI...
EUVD-2021-34633
Malicious code in bioql PyPI...
EUVD-2024-37915
Malicious code in bioql PyPI...
EUVD-2024-1156
Malicious code in bioql PyPI...
EUVD-2024-37552
Malicious code in bioql PyPI...
PT-2025-32151 · Emby · Mediabrowser
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Affected versions not specified. Description: This issue involves an authorization bypass through a user-controlled key. Recommendations: At the moment, there is no information about a newer version that...
CVE-2025-52448
Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux validate-initial-sql api modules allows Interface Manipulation data access to the production database cluster. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before...
CVE-2025-34140 ETQ Reliance CG/NXG API Authorization Bypass via ;localized-text URI Suffix
An authorization bypass vulnerability exists in ETQ Reliance legacy CG and NXG SaaS platforms. By appending a specific URI suffix to certain API endpoints, an unauthenticated attacker can bypass access control checks and retrieve limited sensitive resources. The root cause was a misconfiguration ...
CVE-2025-7938 jerryshensjf JPACookieShop 蛋糕商城JPA版 GoodsController.java updateGoods authorization
A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0 and classified as critical. This issue affects the function updateGoods of the file GoodsController.java. The manipulation leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to th...
CVE-2025-4129
Authorization Bypass Through User-Controlled Key vulnerability in PAVO Inc. PAVO Pay allows Exploitation of Trusted Identifiers. This issue affects PAVO Pay: before 13.05.2025...
CVE-2025-5681
CVE-2025-5681 affects Turtek Software Eyotek prior to 23.06.2025. The issue is an authorization bypass via a user-controlled key that enables exploitation of trusted identifiers. Documented impact indicates high confidentiality impact with no integrity/availability impact. Reports from PT-Securit...
CVE-2025-49978 WordPress JobSearch plugin < 3.0.6 - Insecure Direct Object References (IDOR) Vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in eyecix JobSearch wp-jobsearch allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobSearch: from n/a through 3.0.6...
Salt has minion event bus authorization bypass vulnerability
Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions = 3007.0...
Grafana 10.3.x < 10.3.5 Authorization Bypass Through User-controlled Key
According to its self-reported version, the Grafana install hosted on the remote host is 9.5.x earlier than 9.5.18, or 10.0.x earlier than 10.0.13, or 10.1.x earlier than 10.1.9, or 10.2.x earlier than 10.2.6, or 10.3.x earlier than 10.3.5. It is, therefore, affected by an authorization bypass...
CVE-2025-3454
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
CVE-2023-44249
An authorization bypass through user-controlled key CWE-639 vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests...
CVE-2025-48371
OpenFGA is an authorization/permission engine. OpenFGA versions 1.8.0 through 1.8.12 corresponding to Helm chart openfga-0.2.16 through openfga-0.2.30 and docker 1.8.0 through 1.8.12 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Users are affected...
GO-2025-3657 OpenFGA Authorization Bypass in github.com/openfga/openfga
OpenFGA Authorization Bypass in github.com/openfga/openfga...