34 matches found
VulnCheck KEV: CVE-2022-28987
Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login...
CVE-2018-6202
In eScan Antivirus 14.0.1400.2029, the driver file econceal.sys allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F8...
CVE-2025-6202
creationtimestamp | type | source
---|---|---
2025-09-16 05:27:00+00:00 | seen | https://thehackernews.com/2025/09/phoenix-rowhammer-attack-bypasses.html
2025-09-16 07:30:30+00:00 | published-proof-of-concept | https://t.me/thehackernews/7524
2025-09-16 07:40:21+00:00 | seen | ...
CVE-2025-6202
Vulnerability in SK Hynix DDR5 on x86 allows a local attacker to trigger Rowhammer bit flips impacting the Hardware Integrity and the system's security. This issue affects DDR5: DIMMs produced from 2021-1 until 2024-12...
CVE-2023-6202
Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user to get their information e.g. name, surname, nickname via Mattermost Boards...
CVE-2020-6202
SAP NetWeaver Application Server Java User Management Engine, versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation...
CVE-2024-6202
creationtimestamp | type | source
---|---|---
2024-08-06 09:09:07+00:00 | seen | https://t.me/cvedetector/2535...
CVE-2024-6202 HaloITSM - SAML XML Signature Wrapping (XSW)
HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping XSW vulnerability. When having a SAML integration configured, anonymous actors could impersonate arbitrary HaloITSM users by just knowing their email address. HaloITSM versions past 2.146.1 and patches starting from...
MAL-2024-730 Malicious code in wlwz-2312-6202 (npm)
Source: ghsa-malware f30fb2bb5faee55f8f048ba4c1065613e01904a376d5fbf162fc45cbc2c484e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in wlwz-2312-6202 (npm)
Source: ghsa-malware f30fb2bb5faee55f8f048ba4c1065613e01904a376d5fbf162fc45cbc2c484e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-6202
creationtimestamp | type | source
---|---|---
2023-12-16 20:52:16+00:00 | seen | Telegram/RQ71MEKLc-JmLT2Qy6VcUjmZdTKG-ZZX11TMVBJtypYtCGy...
CVE-2023-6202 Insecure Direct Object Reference in /plugins/focalboard/api/v2/users of Mattermost Boards
Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user to get their information e.g. name, surname, nickname via Mattermost Boards...
CVE-2023-6202
Mattermost (open source collaboration platform) contains an information disclosure vulnerability in the /plugins/focalboard/api/v2/users endpoint. An attacker who is a guest and knows another user’s ID can access that user’s information (e.g., name, surname, nickname) due to improper authorizatio...
CVE-2022-28987
Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login...
CVE-2022-28987
Vulnerability summary: Zoho ManageEngine ADSelfService Plus (pre-6202, e.g., 6121) is affected by CVE-2022-28987. A crafted POST to /ServletAPI/accounts/login enables username enumeration by revealing differences in responses for existing versus non-existing users, via the Forgot Password/login f...
PT-2022-19345
Name of the Vulnerable Software and Affected Versions Zoho ManageEngine ADSelfService Plus versions prior to 6202 Description The issue allows attackers to perform username enumeration via a crafted POST request to "/ServletAPI/accounts/login". This enables attackers to identify valid usernames,...
CVE-2020-6202
CVE-2020-6202 concerns SAP NetWeaver Application Server Java (User Management Engine), affected in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. The issue is that the LDAP data source configuration XML document accepted from an untrusted source is not sufficiently validated, leading to Missi...
CVE-2019-6202
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. A malicious application may be able to elevate privileges...