PT-2026-40639
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions prior to 17.1.3.1; F5 BIG-IP versions prior to 17.5.1.4; F5 BIG-IP versions prior to 21.0.0.1. Description: An authenticated iControl SOAP user can obtain information regarding other accounts through a privilege assignment issue...
CVE-2026-3007
Successful exploitation of the stored cross-site scripting XSS vulnerability could allow an attacker to execute arbitrary JavaScript on any user account that has access to Koollab LMS’ courselet feature...
EUVD-2005-2509
Malware in sbrugna...
EUVD-2002-2362
Malware in sbrugna...
EUVD-2014-1425
Malware in sbrugna...
EUVD-2017-9552
Malware in sbrugna...
EUVD-2025-10885
Malicious code in bioql PyPI...
Privilege Escalation
github.com/openbao/openbao is vulnerable to Privilege Escalation. The vulnerability is due to accounts with access to privileged identity entity systems in root namespaces being able to escalate privileges to the global root policy...
CVE-2025-52572
Hikka, a Telegram userbot, has a vulnerability that affects all users on all versions of Hikka. Two scenarios are possible. 1. The web interface does not have an authenticated session: an attacker can use their own Telegram account to gain RCE on the server by authorizing in the dangling web interface. 2. Web...
CVE-2023-28534
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Job Portal (WP Job Portal – A Complete Job Board plugin) <= 2.0.0 versions...
CVE-2023-6824
The WP Customer Area WordPress plugin before 8.2.1 does not properly validate user capabilities in some of its AJAX actions, allowing any user to retrieve other users' account addresses...
CVE-2025-26318
hb.exe in TSplus Remote Access before 17.30 2024-10-30 allows remote attackers to retrieve a list of all domain accounts currently connected to the application...
CVE-2024-7429
The Zotpress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ZotpressprocessaccountsAJAX function in all versions up to, and including, 7.3.12. This makes it possible for authenticated attackers, with Contributor-level access and...
Session Fixation
contao/core-bundle is vulnerable to Session Fixation. The vulnerability is due to a flaw in the personal data and password lost modules, allowing compromised accounts to retain access even after password changes...
YARD's default template vulnerable to Cross-site Scripting in generated frames.html
Summary: The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. Details: The vulnerability stems from mishandling...
CVE-2023-37503
HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts...
Fruits Bazar SQL injection vulnerability
Fruits Bazar is an e-commerce project using PHP, JavaScript, jQuery and MySQL by Md. Saiful Islam, an individual developer from Bangladesh. A SQL injection vulnerability exists in Fruits Bazar v1.0, which stems from a security issue with the recoveremail parameter in userpasswordrecover.php, whic...
CVE-2010-3273
ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult...
CVE-2011-0910
The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks...