Account Security Vulnerabilities
Missing Authorization vulnerability in ThemeKraft WooBuddy.This issue affects WooBuddy: from n/a through...
8.8CVSS
4.7AI Score
0.001EPSS
Missing Authorization vulnerability in YITH YITH WooCommerce Account Funds Premium.This issue affects YITH WooCommerce Account Funds Premium: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
SAP Bank Account Management does not perform necessary authorization check for an authorized user, resulting in escalation of privileges. As a result, it has a low impact to confidentiality to the...
3.5CVSS
7.1AI Score
0.0004EPSS
The "BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages" plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.20 via deserialization of untrusted input in the get_simple_request function. This makes it possible for...
8.8CVSS
9AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in SysBasics Customize My Account for WooCommerce.This issue affects Customize My Account for WooCommerce: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
Allocation of Resources Without Limits or Throttling vulnerability in OpenText NetIQ Privileged Account Manager on Linux, Windows, 64 bit allows Flooding.This issue affects NetIQ Privileged Account Manager: before...
8.6CVSS
8.5AI Score
0.0004EPSS
Improper Handling of Insufficient Privileges in Samsung Account prior to version 14.8.00.3 allows local attackers to access...
5.1CVSS
5.1AI Score
0.0004EPSS
SAP Bank Account Management (BAM) allows an authenticated user with restricted access to use functions which can result in escalation of privileges with low impact on confidentiality, integrity and availability of the...
6.3CVSS
6.5AI Score
0.0004EPSS
The My Account Page Editor WordPress plugin before 1.3.2 does not validate the profile picture to be uploaded, allowing any authenticated users, such as subscriber to upload arbitrary files to the server, leading to...
8.8CVSS
8.6AI Score
0.001EPSS
Implicit intent hijacking vulnerability in Samsung Account Web SDK prior to version 1.5.24 allows attacker to get sensitive...
5.5CVSS
5.4AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in phoeniixx Custom My Account for Woocommerce allows Cross-Site Scripting (XSS).This issue affects Custom My Account for Woocommerce: from n/a through...
7.1CVSS
6.3AI Score
0.0005EPSS
Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account...
6.5CVSS
6.5AI Score
0.0005EPSS
Use of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account...
6.5CVSS
6.5AI Score
0.0005EPSS
Use of implicit intent for sensitive communication vulnerability in startSignIn in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account...
6.5CVSS
6.5AI Score
0.0005EPSS
Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account...
6.5CVSS
6.5AI Score
0.0005EPSS
Use of implicit intent for sensitive communication vulnerability in startMandatoryCheckActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account...
6.5CVSS
6.5AI Score
0.0005EPSS
Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account...
6.5CVSS
6.5AI Score
0.0005EPSS
Improper access control vulnerability in Samsung Account prior to version 14.5.01.1 allows attackers to access sensitive information via implicit...
5.5CVSS
5.3AI Score
0.0004EPSS
The Lock User Account WordPress plugin through 1.0.3 does not have CSRF check when bulk locking and unlocking accounts, which could allow attackers to make logged in admins lock and unlock arbitrary users via a CSRF...
4.3CVSS
5AI Score
0.0005EPSS
Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: OBVAM Trn Journal Domain). Supported versions that are affected are 14.5, 14.6 and 14.7. Difficult to exploit vulnerability allows high privileged attacker with network...
6CVSS
6.1AI Score
0.001EPSS
Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: SMS Module). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to...
6.1CVSS
6AI Score
0.001EPSS
Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: OBVAM Trn Journal Domain). Supported versions that are affected are 14.5, 14.6 and 14.7. Difficult to exploit vulnerability allows high privileged attacker with network...
5.3CVSS
5.2AI Score
0.001EPSS
Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Routing Hub). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP...
6.1CVSS
6AI Score
0.001EPSS
Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: OBVAM Trn Journal Domain). Supported versions that are affected are 14.5, 14.6 and 14.7. Difficult to exploit vulnerability allows high privileged attacker with network...
6CVSS
6.1AI Score
0.001EPSS
Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: OBVAM Internal Tfr Domain). Supported versions that are affected are 14.5, 14.6 and 14.7. Difficult to exploit vulnerability allows high privileged attacker with network...
5.3CVSS
5.2AI Score
0.001EPSS
A vulnerability, which was classified as problematic, has been found in Ping Identity Self-Service Account Manager 1.1.2. Affected by this issue is some unknown functionality of the file src/main/java/com/unboundid/webapp/ssam/SSAMController.java. The manipulation leads to cross site scripting....
6.1CVSS
6AI Score
0.001EPSS
This disclosure regards a vulnerability related to UAA refresh tokens and external identity providers.Assuming that an external identity provider is linked to the UAA, a refresh token is issued to a client on behalf of a user from that identity provider, the administrator of the UAA deactivates...
4.3CVSS
4.5AI Score
0.001EPSS
In SAP Bank Account Management (Manage Banks) application, when a user clicks a smart link to navigate to another app, personal data is shown directly in the URL. They might get captured in log files, bookmarks, and so on disclosing sensitive data of the...
5.7CVSS
5.5AI Score
0.001EPSS
Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized...
5.5CVSS
5.3AI Score
0.0004EPSS
Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized...
5.1CVSS
4.6AI Score
0.0004EPSS
Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to access content providers without...
4.7CVSS
4.7AI Score
0.001EPSS
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encode_structured_data...
7.5CVSS
7.4AI Score
0.001EPSS
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the tmp directory, which is accessible by /lam/tmp/, allows interpretation of .php (and .php5/.php4/.phpt/etc) files. An attacker capable of...
7.8CVSS
7.9AI Score
0.001EPSS
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 incorrect regular expressions allow to upload PHP scripts to config/templates/pdf. This vulnerability could lead to a Remote Code Execution if.....
8.8CVSS
8.8AI Score
0.007EPSS
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the user name field at login could be used to enumerate LDAP data. This is only the case for LDAP search configuration. This issue has been...
5.3CVSS
5.3AI Score
0.001EPSS
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled....
6.1CVSS
6.3AI Score
0.001EPSS
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 There are cases where LAM instantiates objects from arbitrary classes. An attacker can inject the first constructor argument. This can lead to.....
8.1CVSS
8.2AI Score
0.006EPSS
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without...
5.3CVSS
5.2AI Score
0.001EPSS
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without...
5.3CVSS
5.2AI Score
0.001EPSS
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get an user email or phone number with a normal level...
4.3CVSS
4.6AI Score
0.0005EPSS
Implicit Intent hijacking vulnerability in Samsung Account prior to version 13.2.00.6 allows attackers to get email...
5.3CVSS
5.2AI Score
0.001EPSS
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the access_token without...
7.5CVSS
7.5AI Score
0.001EPSS
Sensitive information exposure in Sign-out log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without...
5.3CVSS
5.1AI Score
0.001EPSS
Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without...
5.3CVSS
5.1AI Score
0.001EPSS
Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows attacker to access sensitive information via...
7.5CVSS
7.2AI Score
0.001EPSS
LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality, the parameters on this page are not properly sanitized and hence leads to stored XSS attacks. An authenticated user can store XSS...
8.1CVSS
4.8AI Score
0.001EPSS
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local...
Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows attackers to access to the authcode for...
6.2CVSS
5.5AI Score
0.0004EPSS
UAA server versions prior to 75.4.0 are vulnerable to an open redirect vulnerability. A malicious user can exploit the open redirect vulnerability by social engineering leading to take over of victims’ accounts in certain cases along with redirection of UAA users to a malicious...
6.1CVSS
6.1AI Score
0.001EPSS
In UAA versions prior to 75.3.0, sensitive information like relaying secret of the provider was revealed in response when deletion request of an identity provider( IdP) of type “oauth 1.0” was sent to UAA...
7.5CVSS
7.3AI Score
0.002EPSS