CVE-2021-34588

CVSS v3 Score: 8.6 (High)
CVSS v2 Score: 5.0 (Medium)

Vulnerability Description

Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot.

CVSS:8.6(High)

The Oz Forensics face recognition application before 4.0.8 late 2023 allows PII retrieval via /statistic/list Insecure Direct Object Reference. NOTE: the number 4.0.8 was used for both the unpatched a...

CVSS:8.6(High)

The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location.

CVSS:8.6(High)

The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference.

CVSS:8.6(High)

The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference.

CVSS:8.8(High)

BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerCon...

CVSS:8.8(High)

tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list directly to read the column list page or edit a column.