Authorization bypass in update_user_group in onyx-dot-app Onyx Enterprise Edition 0.27.0 allows remote authenticated attackers to modify arbitrary user groups via crafted PATCH requests to the /api/ma
CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote authentic
Onyxia is a web app that aims at being the glue between multiple open source backend technologies to provide a state of art working environment for data scientists. This critical vulnerability allows
An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated by
An authorization bypass vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R_1_0_24_0, which allows an authenticated 'guest' user to perform unauthorized admin
CWE-639: Authorization Bypass Through User-Controlled Key vulnerability exists that could allow an
authorized attacker to modify values outside those defined by their privileges (Elevation of Privileg
CWE-639 Authorization Bypass Through User-Controlled Key
CWE-639 Authorization Bypass Through User-Controlled Key
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users from gro
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove user groups vi
Authorization Bypass Through User-Controlled Key vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This is
When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller. The Alteryx server did not check whether
Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer Management Console allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue
A Broken Object Level Authorization (BOLA) vulnerability was discovered in the tRPC project mutation APIs (update, delete, add/remove tag) of the Onlook web application 0.2.32. The vulnerability exist
An authorization bypass through user-controlled key vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x allows an authenticated attacker to access some unauthorized data.
A flaw was found in Keycloak. An authorization bypass vulnerability in the Keycloak Admin API allows any authenticated user, even those without administrative privileges, to enumerate the organization
An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to access sensitive secret scanning alert data intended only for business owne
An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-l
Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.100.
Authorization Bypass Through User-Controlled Key vulnerability in DevItems Support Genix support-genix-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects S
Page 1+ Next →