Lucene search
K

417 matches found

Vulnrichment
Vulnrichment
added 2026/03/08 1:32 p.m.3 views

CVE-2026-3737 SourceCodester Pet Grooming Management Software User Creation add_user.php improper authorization

A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file adduser.php of the component User Creation Handler. Executing a manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has bee...

6.5CVSS5.5AI score0.00254EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/08 12:0 a.m.14 views

PT-2026-23942

Name of the Vulnerable Software and Affected Versions SourceCodester Pet Grooming Management Software version 1.0 Description An improper authorization issue exists in the User Creation Handler component of the software. This can be triggered by manipulating the file add user.php. The attack can ...

6.5CVSS6.4AI score0.00254EPSS
Exploits1References13
CVE
CVE
added 2026/02/20 10:54 p.m.13 views

CVE-2019-25435

CVE-2019-25435 affects Sricam DeviceViewer 3.12.0.1. The issue is a local, stack‑based buffer overflow in the User Management → Add User function. An attacker with authenticated access can bypass DEP and inject a payload via the Username field to execute arbitrary code through a ROP chain. The re...

8.4CVSS6.7AI score0.0032EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/08 7:13 a.m.11 views

CVE-2026-2076

A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\UserController.java of the component User...

8.8CVSS6.2AI score0.00262EPSS
Exploits1References1
NVD
NVD
added 2026/02/07 7:15 a.m.7 views

CVE-2026-2076

A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\UserController.java of the component User...

8.8CVSS0.00262EPSS
Exploits1References6
EUVD
EUVD
added 2026/02/07 6:32 a.m.9 views

EUVD-2026-5747

A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\UserController.java of the component User...

6.5CVSS5.2AI score0.00262EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/02/07 6:32 a.m.5 views

CVE-2026-2076

A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\UserController.java of the component User...

6.5CVSS6.2AI score0.00262EPSS
Exploits1References6
CVE
CVE
added 2026/02/07 6:32 a.m.21 views

CVE-2026-2076

A vulnerability (CVE-2026-2076) affects the yeqifu warehouse project, specifically the User Management Endpoint. The flaw resides in the UserController.java functions addUser, updateUser, and deleteUser, causing improper authorization. The issue can be triggered remotely, and public exploitabilit...

8.8CVSS6.2AI score0.00262EPSS
Exploits1References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.6 views

CVE-2026-0851

A vulnerability was identified in code-projects Online Music Site 1.0. The affected element is an unknown function of the file /Administrator/PHP/AdminAddUser.php. The manipulation of the argument txtusername leads to sql injection. Remote exploitation of the attack is possible. The exploit is...

9.8CVSS7AI score0.00319EPSS
Exploits1References1
NVD
NVD
added 2026/01/12 12:15 a.m.5 views

CVE-2026-0851

A vulnerability was identified in code-projects Online Music Site 1.0. The affected element is an unknown function of the file /Administrator/PHP/AdminAddUser.php. The manipulation of the argument txtusername leads to sql injection. Remote exploitation of the attack is possible. The exploit is...

9.8CVSS0.00319EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/01/11 11:32 p.m.4 views

CVE-2026-0851 code-projects Online Music Site AdminAddUser.php sql injection

A vulnerability was identified in code-projects Online Music Site 1.0. The affected element is an unknown function of the file /Administrator/PHP/AdminAddUser.php. The manipulation of the argument txtusername leads to sql injection. Remote exploitation of the attack is possible. The exploit is...

7.5CVSS6.7AI score0.00319EPSS
Exploits1References5
CVE
CVE
added 2026/01/11 11:32 p.m.15 views

CVE-2026-0851

Code-projects Online Music Site 1.0 contains an SQL injection in /Administrator/PHP/AdminAddUser.php via the txtusername parameter. The vulnerability allows remote exploitation and is supported by a publicly available exploit. The issue is tied to an unknown function in AdminAddUser.php and is co...

9.8CVSS7.1AI score0.00319EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/01/11 11:32 p.m.29 views

CVE-2026-0851 code-projects Online Music Site AdminAddUser.php sql injection

A vulnerability was identified in code-projects Online Music Site 1.0. The affected element is an unknown function of the file /Administrator/PHP/AdminAddUser.php. The manipulation of the argument txtusername leads to sql injection. Remote exploitation of the attack is possible. The exploit is...

7.5CVSS0.00319EPSS
Exploits1References5
EUVD
EUVD
added 2026/01/11 11:32 p.m.5 views

EUVD-2026-1959

A vulnerability was identified in code-projects Online Music Site 1.0. The affected element is an unknown function of the file /Administrator/PHP/AdminAddUser.php. The manipulation of the argument txtusername leads to sql injection. Remote exploitation of the attack is possible. The exploit is...

7.5CVSS6.5AI score0.00319EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/01/11 12:0 a.m.5 views

PT-2026-2041

Name of the Vulnerable Software and Affected Versions code-projects Online Music Site version 1.0 Description A flaw exists in code-projects Online Music Site 1.0 that allows for SQL injection. The issue is located in an unknown function within the /Administrator/PHP/AdminAddUser.php file...

9.8CVSS7.5AI score0.00319EPSS
Exploits1References12
RedhatCVE
RedhatCVE
added 2026/01/09 12:40 p.m.9 views

CVE-2023-43331

A cross-site scripting XSS vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...

5.4CVSS5.8AI score0.00461EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/25 12:17 a.m.13 views

CVE-2025-63953

A Cross-Site Request Forgery CSRF in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...

6.5CVSS6.7AI score0.00138EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/25 12:17 a.m.19 views

CVE-2025-63952

A Cross-Site Request Forgery CSRF in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...

5.7CVSS6.7AI score0.00136EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/11/25 12:0 a.m.7 views

jshERP 安全漏洞

jshERP Huaxia ERP is a homegrown ERP system by the individual developer of China's Ji Sheng Hua. A security vulnerability exists in jshERP version 2.3.1, which originates from the user/addUser endpoint being susceptible to Fastjson deserialization attack...

9.8CVSS6.7AI score0.00407EPSS
Exploits0References5
EUVD
EUVD
added 2025/11/24 6:31 p.m.5 views

EUVD-2025-198969

A Cross-Site Request Forgery CSRF in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...

6.5CVSS6.2AI score0.00138EPSS
Exploits1References3
Rows per page
Query Builder