Browse and filter security vulnerabilities across ecosystems
ThinkPHP 5.0.23 Remote Code Execution via invokefunction
Insecure direct object reference (IDOR) vulnerability in Fullstep
BigBlueButton's missing authorization allows viewer to inject/overwrite captions
Improper authorization fallback allows scoped user-to-server token installation escape in GitHub Enterprise Server
Authorization bypass in GitHub Enterprise Server secret scanning push protection allows cross-repository modification of delegated bypass reviewers
WWBN AVideo has IDOR in Live Restreams list.json.php that Exposes Other Users' Stream Keys and OAuth Tokens
Horilla: Unauthorized Helpdesk Attachment Access via Attachment ID Manipulation
Horilla: Unauthorized Document Overwrite via File Upload Endpoint
Horilla: Insecure Direct Object Reference at `/employee/view-file/<int:id>`
FreeScout: Improper Authorization in Phone Conversation Creation Enables Cross-Mailbox Hidden Customer Modification
FreeScout's Customer AJAX Create Modifies Hidden Existing Customer
FreeScout has Customer Edit Cross-Mailbox Email Takeover
FreeScout's Missing Authorization in load_customer_info Allows Any Authenticated User to Access Full Customer PII
Authorization Bypass Through User-Controlled Key in Crafty Controller
Neko has Self-service Privilege Escalation for Authenticated Users
OpenProject has Cross-Project Meeting Agenda Item Injection via Unscoped Section Lookup
TransformerOptimus SuperAGI project.py get_projects_organisation authorization
TransformerOptimus SuperAGI agent.py get_schedule_data authorization
TransformerOptimus SuperAGI Agent Execution Endpoint agent_execution.py update_agent_execution authorization
TransformerOptimus SuperAGI Budget Endpoint budget.py update_budget authorization