A vulnerability has been found in jshERP up to 3.5 and classified as critical. This vulnerability affects the function exportExcelByParam of the file /src/main/java/com/jsh/erp/controller/SystemConfig
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications do not properly validate license restrictions against the database, allowing direct
Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security L
A hidden field manipulation vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user.
When an authenticated user submits a ticket, the request can be i
Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security L
A vulnerability, which was classified as critical, was found in code-projects Train Ticket Reservation System 1.0. This affects an unknown part of the component Login Form. The manipulation of the arg
In Search Guard versions 3.1.1 and earlier, Field Masking (FM) rules are improperly enforced on fields of type IP (IP Address).
While the content of these fields is properly redacted in the _source d
Insertion of Sensitive Information Into Sent Data vulnerability in videowhisper Contact Forms, Live Support, CRM, Video Messages live-support-tickets allows Retrieve Embedded Sensitive Data.This issue
A security flaw has been discovered in JeecgBoot up to 3.8.2. The affected element is an unknown function of the file /sys/user/exportXls of the component Filter Handler. The manipulation results in i
Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations vi
A path traversal vulnerability exists in Riverbed SteelHead VCX appliances (confirmed in VCX255U 9.6.0a) due to improper input validation in the log filtering functionality exposed via the management
There is an SSRF vulnerability in the Fluid Topics platform that affects versions prior to 4.3, where the server can be forced to make arbitrary requests to internal and external resources by an authe
OpenSupports exposes an endpoint that allows the list of 'supervised users' for any account to be edited, but it does not validate whether the actor is the owner of that list. A Level 1 staff member c
Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS H
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass method that can
A security issue was identified in Pavilion due to improper authorization enforcement in API endpoints. This vulnerability can allow an unauthorized actor to execute privileged operations, including u
A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 ver
An issue was discovered in eTimeTrackLite Web thru 12.0 (20250704). There is a permission control flaw that allows unauthorized attackers to access specific routes and modify database connection confi
An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFil
An error when handling authorization related to the import / export interfaces on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to access the import / export func