| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc. FlexCity/Kiosk allows Exploitation of Trusted Identifiers.
This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36. |
| Authorization bypass through User-Controlled key vulnerability in MeWare Software Development Inc. PDKS allows Privilege Abuse.
This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117. |
| Authorization Bypass Through User-Controlled Key vulnerability in Logo Software Inc. Logo Cloud allows Forceful Browsing, Resource Leak Exposure.
This issue affects Logo Cloud: before 0.67. |
| Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft OctoCloud allows Resource Leak Exposure.
This issue affects OctoCloud: from s1.09.02 before v1.11.01. |
| Use of Hard-coded Credentials, Authorization Bypass Through User-Controlled Key vulnerability in PosCube Hardware Software and Consulting Ltd. Co. Assist allows Excavation, Authentication Bypass.
This issue affects Assist: through 10.02.2025. |
| Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft ProKuafor allows Resource Leak Exposure.
This issue affects ProKuafor: from s1.02.07 before v1.02.08. |
| Authorization Bypass Through User-Controlled Key vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information System) allows Parameter Injection.
This issue affects OBS (Student Affairs Information System): before v26.0328. |
| Authorization Bypass Through User-Controlled Key vulnerability in CB Project Ltd. Co. CVLand allows Parameter Injection.
This issue affects CVLand: from 2.1.0 through 20251103. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
| Authorization Bypass Through User-Controlled Key vulnerability in Utarit Informatics Services Inc. SoliClub allows Functionality Misuse.
This issue affects SoliClub: from 5.2.4 before 5.3.7. |
| Authorization Bypass Through User-Controlled Key vulnerability in Turtek Software Eyotek allows Exploitation of Trusted Identifiers.
This issue affects Eyotek: before 11.03.2025. |
| Authorization Bypass Through User-Controlled Key vulnerability in Akbim Software Online Exam Registration allows Exploitation of Trusted Identifiers.
This issue affects Online Exam Registration: before 14.03.2025. |
| The Comment API (GET /api/Comment and POST /api/Comment) in the affected application fails to perform authorization checks to verify that the requesting user has access to the object identified by the relatedObjectId. This Insecure Direct Object Reference (IDOR) vulnerability allows any authenticated user to read and write comments on any process across all business units by supplying an arbitrary object GUID. |
| Authorization Bypass Through User-Controlled Key vulnerability in Turpak Automatic Station Monitoring System allows Privilege Escalation.
This issue affects Automatic Station Monitoring System: before 5.0.6.51. |
| Authorization Bypass Through User-Controlled Key vulnerability in PAVO Inc. PAVO Pay allows Exploitation of Trusted Identifiers.
This issue affects PAVO Pay: before 13.05.2025. |
| Authorization Bypass Through User-Controlled Key vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Exploitation of Trusted Identifiers.
This issue affects Pik Online: before 3.1.5. |
| Authorization Bypass Through User-Controlled Key vulnerability with user privileges in ArgusTech BILGER allows Exploitation of Trusted Identifiers.
This issue affects BILGER: before 2.4.6. |
| Authorization Bypass Through User-Controlled Key vulnerability in Turtek Software Eyotek allows Exploitation of Trusted Identifiers.
This issue affects Eyotek: before 23.06.2025. |
| Authorization Bypass Through User-Controlled Key vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Exploitation of Trusted Identifiers.
This issue affects Menu Panel: through 29012026.
NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
| Authorization Bypass Through User-Controlled Key vulnerability in Dinibh Puzzle Software Solutions Dinibh Patrol Tracking System allows Exploitation of Trusted Identifiers.
This issue affects Dinibh Patrol Tracking System: through 10022026.
NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
| Authorization Bypass Through User-Controlled Key vulnerability in Beefull Energy Technologies Beefull App allows Exploitation of Trusted Identifiers.
This issue affects Beefull App: before 24.07.2025. |
