Total
6623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-41111 | 1 Canaldenuncia | 1 Canaldenuncia.app | 2025-11-05 | N/A | 7.5 HIGH |
| A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_denuncia' in '/backend/api/buscarComentariosByDenuncia.php'. | |||||
| CVE-2025-41112 | 1 Canaldenuncia | 1 Canaldenuncia.app | 2025-11-05 | N/A | 7.5 HIGH |
| A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros2.php'. | |||||
| CVE-2025-41113 | 1 Canaldenuncia | 1 Canaldenuncia.app | 2025-11-05 | N/A | 7.5 HIGH |
| A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_denuncia' in '/backend/api/buscarDenunciaByPin.php'. | |||||
| CVE-2025-41114 | 1 Canaldenuncia | 1 Canaldenuncia.app | 2025-11-05 | N/A | 7.5 HIGH |
| A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarDocumentosByIdDenunciaUsuario.php'. | |||||
| CVE-2025-41335 | 1 Canaldenuncia | 1 Canaldenuncia.app | 2025-11-05 | N/A | 7.5 HIGH |
| A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id' and ' 'id_sociedad' in '/api/buscarEmpresaById.php'. | |||||
| CVE-2025-41337 | 1 Canaldenuncia | 1 Canaldenuncia.app | 2025-11-05 | N/A | 7.5 HIGH |
| A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarSSOParametros.php'. | |||||
| CVE-2025-41336 | 1 Canaldenuncia | 1 Canaldenuncia.app | 2025-11-05 | N/A | 7.5 HIGH |
| A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros.php'. | |||||
| CVE-2025-41338 | 1 Canaldenuncia | 1 Canaldenuncia.app | 2025-11-05 | N/A | 7.5 HIGH |
| A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarTestigoByIdDenunciaUsuario.php'. | |||||
| CVE-2025-41339 | 1 Canaldenuncia | 1 Canaldenuncia.app | 2025-11-05 | N/A | 7.5 HIGH |
| A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_sociedad' in '/backend/api/buscarTipoDenuncia.php'. | |||||
| CVE-2025-41340 | 1 Canaldenuncia | 1 Canaldenuncia.app | 2025-11-05 | N/A | 7.5 HIGH |
| A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_tp_denuncia' and 'id_sociedad' in '/backend/api/buscarTipoDenunciabyId.php'. | |||||
| CVE-2025-41341 | 1 Canaldenuncia | 1 Canaldenuncia.app | 2025-11-05 | N/A | 7.5 HIGH |
| A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'seguro' in '/backend/api/buscarUsuarioByDenuncia.php'. | |||||
| CVE-2025-41342 | 1 Canaldenuncia | 1 Canaldenuncia.app | 2025-11-05 | N/A | 7.5 HIGH |
| A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_user' in '/backend/api/buscarUsuarioId.php'. | |||||
| CVE-2025-41343 | 1 Canaldenuncia | 1 Canaldenuncia.app | 2025-11-05 | N/A | 7.5 HIGH |
| A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'email' in '/backend/api/users/searchUserByEmail.php'. | |||||
| CVE-2025-41344 | 1 Canaldenuncia | 1 Canaldenuncia.app | 2025-11-05 | N/A | 7.5 HIGH |
| A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_archivo' in '/backend/api/verArchivo.php'. | |||||
| CVE-2025-41345 | 1 Canaldenuncia | 1 Canaldenuncia.app | 2025-11-05 | N/A | 7.5 HIGH |
| A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarDenunciasById.php'. | |||||
| CVE-2025-64150 | 1 Jenkins | 1 Publish To Bitbucket | 2025-11-04 | N/A | 5.4 MEDIUM |
| A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2025-64148 | 1 Jenkins | 1 Publish To Bitbucket | 2025-11-04 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2025-64142 | 1 Jenkins | 1 Nexus Task Runner | 2025-11-04 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | |||||
| CVE-2025-64139 | 1 Jenkins | 1 Start Windocks Container | 2025-11-04 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | |||||
| CVE-2025-64137 | 1 Jenkins | 1 Themis | 2025-11-04 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Themis Plugin 1.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server. | |||||