1. Casazen Booking Controller Exposes All Endpoints Without Authentication After Debugging Code Left in Production
A critical authorization bypass vulnerability has been identified in Casazen's booking system, leaving all booking endpoints accessible without authentication. The issue stems from an authorization attribute that was commented out in the BookingsController during debugging and never re-enabled before deployment. Securi...