Browse and filter security vulnerabilities across ecosystems
WACRM Authorization Bypass via Automation Engine Endpoint
Flowise: Mass Assignment in Assistant Update Endpoint Allows Cross-Workspace Resource Reassignment
Flowise: Mass Assignment in Chatflow Update Endpoint Allows Cross-Workspace AgentFlow Reassignment
Flowise: Mass Assignment in Tool Update Endpoint Allows Cross-Workspace Resource Reassignment
Flowise: Mass Assignment in Variable Update Endpoint Allows Cross-Workspace Resource Reassignment
Weaviate Static API Key client.go validateConfig authorization
NousResearch hermes-agent resume Endpoint hermes_state.py resolve_session_by_title authorization
Booking Package <= 1.7.16 - Authenticated (Editor+) Privilege Escalation via Account Takeover to updateUser AJAX Action
Klamra Paycal for Aspaclaria <= 1.1.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Exposure via 'invoice...
MapPress Maps for WordPress <= 2.96.6 - Unauthenticated Insecure Direct Object Reference via REST API Endpoints
Essential Addons for Elementor <= 6.6.4 - Missing Authorization to Unauthenticated Information Exposure via 'load_more' AJAX Handler
Charitable <= 1.8.11.1 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Attachment Deletion via 'avatar' Parameter
HAX CMS has Unauthenticated Git Access via User-Controlled Key
Termix Vulnerable to Arbitrary Command Execution in File Manager
Termix Vulnerable to Arbitrary Command Execution via Session Hijacking
Termix has a File-Manager Session Hijack via Missing Ownership Check (IDOR)
IDOR in Comment API Allows Cross-Process Comment Read and Write
Summary Service Insecure Direct Object Reference
ITPison|OMICARD EDM - Insecure Direct Object Reference
Broken Access Control in ABB T-MAC Plus web application