CVE-2025-67796 — IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authent — CVE Database · The Intelligence Room