| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, when JWT authentication is configured using either "authJwtPubKeyPath" (local RSA public key) or "authJwtHmacSecret" (HMAC secret), the configured audience value (authJwtAud) is not enforced during token parsing. As a result, validly signed JWT tokens with an incorrect aud claim are accepted for authentication. This allows authentication using tokens intended for a different audience/service. This issue has been patched in version 3000.11.1. |
| A security flaw has been discovered in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerializer of the file src/backend/core/api/serializers.py of the component ThreadAccess. The manipulation results in improper authentication. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.3.0 is capable of addressing this issue. The patch is identified as d7729f4b885449f6dee3faf8b5f2a05769fb3d6e. The affected component should be upgraded. |
| A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the component Financial Report Page. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. |
| OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, a low‑privileged user can bypass authorization and tenant isolation in OneUptime v10.0.20 and earlier by sending a forged is-multi-tenant-query header together with a controlled projectid header. Because the server trusts this client-supplied header, internal permission checks in BasePermission are skipped and tenant scoping is disabled. This allows attackers to access project data belonging to other tenants, read sensitive User fields via nested relations, leak plaintext resetPasswordToken, and reset the victim’s password and fully take over the account. This results in cross‑tenant data exposure and full account takeover. This vulnerability is fixed in 10.0.21. |
| OneUptime is a solution for monitoring and managing online services. The resend-verification-code endpoint allows any authenticated user to trigger a verification code resend for any UserWhatsApp record by ID. Ownership is not validated (unlike the verify endpoint). This affects the UserWhatsAppAPI.ts endpoint and the UserWhatsAppService.ts service. |
| Improper Authorization vulnerability in nerves-hub nerves_hub_web allows cross-organization device control via device bulk actions and device update API.
Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to other organizations and perform actions outside of their privilege level.
An attacker can select devices outside of their organization by manipulating device identifiers and perform management actions on them, such as moving them to products they control. This may allow attackers to interfere with firmware updates, access device functionality exposed by the platform, or disrupt device connectivity.
In environments where additional features such as remote console access are enabled, this could lead to full compromise of affected devices.
This issue affects nerves_hub_web: from 1.0.0 before 2.4.0. |
| A vulnerability has been identified in the web-based management interface of AOS-CX switches that could potentially allow an unauthenticated remote actor to circumvent existing authentication controls. In some cases this could enable resetting the admin password. |
| A flaw has been found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /fetch_manager_details.php of the component Endpoint. This manipulation of the argument manager_id causes improper authorization. The attack can be initiated remotely. The exploit has been published and may be used. |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.7 and 8.6.20, Parse Server's internal tables, which store Relation field mappings such as role memberships, can be directly accessed via the REST API or GraphQL API by any client using only the application key. No master key is required. An attacker can create, read, update, or delete records in any internal relationship table. Exploiting this allows the attacker to inject themselves into any Parse Role, gaining all permissions associated with that role, including full read, write, and delete access to classes protected by role-based Class-Level Permissions (CLP). Similarly, writing to any such table that backs a Relation field used in a pointerFields CLP bypasses that access control. This vulnerability is fixed in 9.5.2-alpha.7 and 8.6.20. |
| A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file add_user.php of the component User Creation Handler. Executing a manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.5 and 8.6.18, the Keycloak authentication adapter does not validate the azp (authorized party) claim of Keycloak access tokens against the configured client-id. A valid access token issued by the same Keycloak realm for a different client application can be used to authenticate as any user on the Parse Server that uses the Keycloak adapter. This enables cross-application account takeover in multi-client Keycloak realms. All Parse Server deployments that use the Keycloak authentication adapter with a Keycloak realm that has multiple client applications are affected. This vulnerability is fixed in 9.5.2-alpha.5 and 8.6.18. |
| A weakness has been identified in Bytedesk up to 1.3.9. This vulnerability affects the function handleFileUpload of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestService.java of the component SVG File Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 1.4.5.1 is able to resolve this issue. This patch is called 975e39e4dd527596987559f56c5f9f973f64eff7. It is recommended to upgrade the affected component. |
| A security flaw has been discovered in Bytedesk up to 1.3.9. This affects the function uploadFile of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestController.java of the component SVG File Handler. Performing a manipulation results in unrestricted upload. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. Upgrading to version 1.4.5.1 is able to mitigate this issue. The patch is named 975e39e4dd527596987559f56c5f9f973f64eff7. Upgrading the affected component is recommended. |
| A flaw has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /superadmin_user_delete.php of the component Endpoint. Executing a manipulation of the argument user_id can lead to improper authorization. The attack may be performed from remote. The exploit has been published and may be used. |
| A vulnerability has been found in SourceCodester Client Database Management System 1.0/3.1. Impacted is an unknown function of the file /superadmin_delete_manager.php of the component Endpoint. The manipulation of the argument manager_id leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.9. and 8.6.22, the OAuth2 authentication adapter, when configured without the useridField option, only verifies that a token is active via the provider's token introspection endpoint, but does not verify that the token belongs to the user identified by authData.id. An attacker with any valid OAuth2 token from the same provider can authenticate as any other user. This affects any Parse Server deployment that uses the generic OAuth2 authentication adapter (configured with oauth2: true) without setting the useridField option. This vulnerability is fixed in 9.5.2-alpha.9. and 8.6.22. |
| The register protection of the PowerVR GPU is incorrectly configured. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.6 and 8.6.19, the validation for protected fields only checks top-level query keys. By wrapping a query constraint on a protected field inside a logical operator, the check is bypassed entirely. This allows any authenticated user to query on protected fields to extract field values. All Parse Server deployments have default protected fields and are vulnerable. This vulnerability is fixed in 9.5.2-alpha.6 and 8.6.19. |
| A security flaw has been discovered in Freedom Factory dGEN1 up to 20260221. The impacted element is the function FakeAppService of the component org.ethosmobile.ethoslauncher. The manipulation results in improper authorization. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. |
| A weakness has been identified in Freedom Factory dGEN1 up to 20260221. This affects the function AndroidEthereum of the component org.ethosmobile.webpwaemul. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The attack is considered to have high complexity. The exploitability is reported as difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. |
