Medium
CVSS: 4.2
In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and perform unauthorized actions (such as adding a comment) without being a member of the project's team. A seven-digit issue ID must be known…
Medium
CVSS: 6.4
Innoshop through 0.4.1 allows Insecure Direct Object Reference (IDOR) at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of ot…
Medium
CVSS: 5.5
A vulnerability classified as problematic has been found in code-projects Automated Voting System 1.0. Affected is an unknown function of the file /vote.php of the component Backend. The manipulation leads to direct request. It is possible…
High
CVSS: 8.6
The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference.
High
CVSS: 8.6
The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference.
Medium
CVSS: 5.3
The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference.
High
CVSS: 8.6
The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location.
Medium
CVSS: 5.0
Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information.
Medium
CVSS: 5.0
Ververica Platform 2.14.0 allows low-privileged users to access SQL connectors via a direct namespaces/default/formats request.
Medium
CVSS: 4.3
NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 allows users who lack the InET role to access the InET module via direct requests to known endpoints.
Medium
CVSS: 5.3
An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing.
High
CVSS: 8.6
The Oz Forensics face recognition application before 4.0.8 late 2023 allows PII retrieval via /statistic/list Insecure Direct Object Reference. NOTE: the number 4.0.8 was used for both the unpatched and patched versions.
Critical
CVSS: 9.8
Direct request ('Forced Browsing') issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially crafted HTTP request to the product, the product data may be obtained or deleted, and/or the product…
Critical
CVSS: 9.3
Improper permission control vulnerability in the OXARI ServiceDesk application could allow an attacker using a guest access or an unprivileged account to gain additional administrative permissions in the application.This issue affects OXARI…
Medium
CVSS: 6.9
A vulnerability was found in Beijing Zhide Intelligent Internet Technology Modern Farm Digital Integrated Management System 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to files or dire…
Medium
CVSS: 4.3
Grocy through 4.3.0 allows remote attackers to obtain sensitive information via direct requests to pages that are not shown in the UI, such as calendar and recipes.