Search Vulnerabilities

Google Cloud Build Comment Control Bypass

ClipBucket v5 has IDOR in Collection Item Management

NestJS 11.1.13 - Lack of data validation allowing authentication/authorization bypass

Zulip Vulnerable to Modification of Payment Method (Stripe Default Card) by Non-Billing Users

Discourse Vulnerable to Unauthorized Topic Creation in Staff-Only Categories via Topic Timer publish_to_category

Discourse doesn't prevent moderators from exporting user Chat DMs

Discourse doesn't scope reviewable notes to user-visible reviewables

Discourse has IDOR vulnerability in the directory items endpoint

Fleet: Authorization Bypass in certificate template batch deletion for team administrators

WireGuard Portal Vulnerable to Privilege Escalation to Admin via User Self-Update

OpenEMR has FHIR Patient Compartment Bypass in CareTeam Resource

RustFS's Missing Post Policy Validation leads to Arbitrary Object Write

OpenEMR has Broken Access Control on Care Coordination Module

A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries

Apache Superset: Improper Authorization in Dataset Creation Allows Access Control Bypass

Apache Superset: SQLLab Read-Only Bypass on PostgreSQL

Kargo has an Authorization Bypass Vulnerability in Batch Resource Creation API Endpoints

Dromara RuoYi-Vue-Plus Workflow deleteByInstanceIds SaServletFilter authorization

Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled

OpenClaw iMessage group allowlist authorization inherited DM pairing-store identities