Search Results (11848 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-0866 1 Redhat 4 Jboss Enterprise Application Platform, Openstack Platform, Red Hat Single Sign On and 1 more 2025-11-06 5.3 Medium
This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the org.jboss.as.ejb3.security.RunAsPrincipalInterceptor to keep track of the current identity prior to switching to a new identity created using the RunAs principal. The exploit consist that the EJBComponent#incomingRunAsIdentity field is currently just a SecurityIdentity. This means in a concurrent environment, where multiple users are repeatedly invoking an EJB that is configured with a RunAs principal, it's possible for the wrong the caller principal to be returned from EJBComponent#getCallerPrincipal. Similarly, it's also possible for EJBComponent#isCallerInRole to return the wrong value. Both of these methods rely on incomingRunAsIdentity. Affects all versions of JBoss EAP from 7.1.0 and all versions of WildFly 11+ when Elytron is enabled.
CVE-2024-48932 2 Icewhaletech, Zimaspace 2 Zimaos, Zimaos 2025-11-05 5.3 Medium
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions below 1.5.0, the API endpoint `http://<Server-ip>/v1/users/name` allows unauthenticated users to access sensitive information, such as usernames, without any authorization. This vulnerability could be exploited by an attacker to enumerate usernames and leverage them for further attacks, such as brute-force or phishing campaigns. As of time of publication, no known patched versions are available.
CVE-2025-41111 1 Canaldenuncia 2 Canaldenuncia.app, Canaldenuncia App 2025-11-05 7.5 High
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_denuncia' in '/backend/api/buscarComentariosByDenuncia.php'.
CVE-2025-41112 1 Canaldenuncia 2 Canaldenuncia.app, Canaldenuncia App 2025-11-05 7.5 High
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros2.php'.
CVE-2025-41113 1 Canaldenuncia 2 Canaldenuncia.app, Canaldenuncia App 2025-11-05 7.5 High
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_denuncia' in '/backend/api/buscarDenunciaByPin.php'.
CVE-2025-41114 1 Canaldenuncia 2 Canaldenuncia.app, Canaldenuncia App 2025-11-05 7.5 High
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarDocumentosByIdDenunciaUsuario.php'.
CVE-2025-41335 1 Canaldenuncia 2 Canaldenuncia.app, Canaldenuncia App 2025-11-05 7.5 High
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id' and ' 'id_sociedad' in '/api/buscarEmpresaById.php'.
CVE-2025-41337 1 Canaldenuncia 2 Canaldenuncia.app, Canaldenuncia App 2025-11-05 7.5 High
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarSSOParametros.php'.
CVE-2025-41336 1 Canaldenuncia 2 Canaldenuncia.app, Canaldenuncia App 2025-11-05 7.5 High
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros.php'.
CVE-2025-41338 1 Canaldenuncia 2 Canaldenuncia.app, Canaldenuncia App 2025-11-05 7.5 High
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarTestigoByIdDenunciaUsuario.php'.
CVE-2025-41339 1 Canaldenuncia 2 Canaldenuncia.app, Canaldenuncia App 2025-11-05 7.5 High
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_sociedad' in '/backend/api/buscarTipoDenuncia.php'.
CVE-2025-41340 1 Canaldenuncia 2 Canaldenuncia.app, Canaldenuncia App 2025-11-05 7.5 High
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_tp_denuncia' and 'id_sociedad' in '/backend/api/buscarTipoDenunciabyId.php'.
CVE-2025-41341 1 Canaldenuncia 2 Canaldenuncia.app, Canaldenuncia App 2025-11-05 7.5 High
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'seguro' in '/backend/api/buscarUsuarioByDenuncia.php'.
CVE-2025-41342 1 Canaldenuncia 2 Canaldenuncia.app, Canaldenuncia App 2025-11-05 7.5 High
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_user' in '/backend/api/buscarUsuarioId.php'.
CVE-2025-41343 1 Canaldenuncia 2 Canaldenuncia.app, Canaldenuncia App 2025-11-05 7.5 High
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'email' in '/backend/api/users/searchUserByEmail.php'.
CVE-2025-41344 1 Canaldenuncia 2 Canaldenuncia.app, Canaldenuncia App 2025-11-05 7.5 High
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_archivo' in '/backend/api/verArchivo.php'.
CVE-2025-41345 1 Canaldenuncia 2 Canaldenuncia.app, Canaldenuncia App 2025-11-05 7.5 High
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarDenunciasById.php'.
CVE-2025-64150 1 Jenkins 2 Jenkins, Publish To Bitbucket 2025-11-04 5.4 Medium
A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2025-64148 1 Jenkins 2 Jenkins, Publish To Bitbucket 2025-11-04 4.3 Medium
A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2025-64142 1 Jenkins 2 Jenkins, Nexus Task Runner 2025-11-04 4.3 Medium
A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.