Search Results (6 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-61781 | 1 Opencti-platform | 1 Opencti | 2026-01-06 | 7.1 High |
| OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.1, the GraphQL mutation "WorkspacePopoverDeletionMutation" allows users to delete workspace-related objects such as dashboards and investigation cases. However, the mutation lacks proper authorization checks to verify ownership of the targeted resources. An attacker can exploit this by supplying an active UUID of another user. Since the API does not validate whether the requester owns the resource, the mutation executes successfully, resulting in unauthorized deletion of the entire workspace. Version 6.8.1 fixes the issue. | ||||
| CVE-2025-56556 | 2 Intelliants, Subrion | 2 Subrion Cms, Cms | 2025-11-25 | 3.8 Low |
| An issue was discovered in Subrion CMS 4.2.1, allowing authenticated administrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel to gain escalated privileges in the context of the SQL query tool. | ||||
| CVE-2025-30369 | 1 Zulip | 2 Zulip, Zulip Server | 2025-09-27 | 2.7 Low |
| Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any organization was incorrectly allowed to delete custom profile fields belonging to a different organization. This is fixed in Zulip Server 10.1. | ||||
| CVE-2025-30368 | 1 Zulip | 1 Zulip | 2025-08-27 | 2.7 Low |
| Zulip is an open-source team collaboration tool. The API for deleting an organization export is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any organization was incorrectly allowed to delete an export of a different organization. This is fixed in Zulip Server 10.1. | ||||
| CVE-2014-0808 | 1 Lockon | 1 Ec-cube | 2025-04-11 | 9.1 Critical |
| Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a crafted HTTP request. | ||||
| CVE-2024-22261 | | | 2024-11-21 | 2.7 Low |
| SQL injection in Harbor allows privileged users to leak the task IDs. | ||||