Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0808 | 1 Lockon | 1 Ec-cube | 2025-04-11 | 5.0 MEDIUM | 9.1 CRITICAL |
| Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a crafted HTTP request. | |||||
| CVE-2025-30369 | 2025-04-01 | N/A | 2.7 LOW | ||
| Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any organization was incorrectly allowed to delete custom profile fields belonging to a different organization. This is fixed in Zulip Server 10.1. | |||||
| CVE-2025-30368 | 2025-04-01 | N/A | 2.7 LOW | ||
| Zulip is an open-source team collaboration tool. The API for deleting an organization export is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any organization was incorrectly allowed to delete an export of a different organization. This is fixed in Zulip Server 10.1. | |||||
| CVE-2024-13152 | 2025-02-14 | N/A | 10.0 CRITICAL | ||
| Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection.This issue affects Mobuy Online Machinery Monitoring Panel: before 2.0. | |||||
| CVE-2024-22261 | 2024-11-21 | N/A | 2.7 LOW | ||
| SQL-Injection in Harbor allows priviledge users to leak the task IDs | |||||