296 matches found
CVE-2026-54105 U.S. GAO EPDS and CBCA EDS user information disclosure
The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS expose sensitive account information through the 'update-profile/' API endpoint. A remote, unauthenticated attacker can submit a reque...
CVE-2026-54105
The CVE concerns CVE-2026-54105 affecting the GAO EPDS and CBCA EDS systems. The vulnerability arises from the update-profile/ API endpoint, where a remote, unauthenticated attacker can supply an arbitrary user_id and receive a JSON response containing account-specific information, including the ...
PT-2026-50705
Name of the Vulnerable Software and Affected Versions U.S. GAO Electronic Protest Docketing System EPDS affected versions not specified U.S. CBCA Electronic Docketing System EDS affected versions not specified Description The U.S. Government Accountability Office GAO Electronic Protest Docketing...
CVE-2026-35062
An authenticated iControl SOAP user may be able to obtain information of other accounts. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
F5 Networks BIG-IP : iControl SOAP vulnerability (K000159021)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000159021 advisory. An authenticated iControl SOAP user may be able to obtain information of other accounts. CVE-2026-3506...
CVE-2018-25336 jCart for OpenCart 2.3.0.2 Cross-Site Request Forgery
jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting endpoints , and to change user credentials, passwords, and affiliate account details...
EUVD-2026-29965
An authenticated iControl SOAP user may be able to obtain information of other accounts. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-35062
An authenticated iControl SOAP user may be able to obtain information of other accounts. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-35062 iControl SOAP vulnerability
An authenticated iControl SOAP user may be able to obtain information of other accounts. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
EUVD-2026-26530
A heap-based buffer overflow in the Kerberos hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted Kerberos hash file. The issue affects modulehashdecode in multiple Kerberos-related modules because accountinfolen is...
CVE-2026-28766
A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication...
CVE-2026-28766
A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication...
CVE-2026-28766
A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication...
PT-2026-30231
Name of the Vulnerable Software and Affected Versions Gardyn affected versions not specified Description A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication. Recommendations At the moment, there is no information about a newer...
CVE-2020-37007
Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate user account settings without proper request validation. Attackers can craft malicious HTML forms to change user passwords or modify account information by tricking logged-in users into submitting...
CVE-2021-33396
Cross Site Request Forgery CSRF vulnerability in baijiacms 4.1.4, allows attackers to change the password or other information of an arbitrary account via index.php...
CVE-2020-12051
The CentralAuth extension through REL134 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query=globaluserinfo= request. In other words, the information can be retrieved via the action API even though access would be denied when simply...
CVE-1999-0198
finger .@host on some systems may print information on some user accounts...
EUVD-2001-0822
Malware in sbrugna...
EUVD-2018-3138
Malware in sbrugna...