121 matches found
EUVD-2021-24747
Malware in sbrugna...
EUVD-2008-1783
Malware in sbrugna...
EUVD-2009-4634
Malware in sbrugna...
EUVD-2001-0086
Malware in sbrugna...
EUVD-2022-51623
Malicious code in bioql PyPI...
CVE-2025-55741
UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these users can bypass intend...
SUSE CVE-2025-3580
An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /api/org/users/ endpoint. The vulnerability can be exploited when: 1. An Organization administrator...
CVE-2024-5895
A vulnerability, which was classified as critical, has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. This issue affects the function deleteusers of the file /classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. The attack may be...
CVE-2022-4266
The Bulk Delete Users by Email WordPress plugin through 1.2 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete non admin users by knowing their email via a CSRF attack...
CVE-2012-1897
Multiple cross-site request forgery CSRF vulnerabilities in Wolf CMS 0.75 and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 delete users via the user id number to admin/user/delete; 2 delete pages via the page id number to admin/page/delete;...
WordPress plugin MelaPress Login Security和WordPress plugin MelaPress Login Security Premium 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2025-2655
A vulnerability was detected in SourceCodester AC Repair and Services System 1.0. The affected element is the function saveusers/deleteusers of the file /classes/Users.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The...
CVE-2025-25767
A vertical privilege escalation vulnerability in the component /controller/UserController.java of MRCMS v3.1.2 allows attackers to arbitrarily delete users via a crafted request...
Q-Free MAXTIME Suite 安全漏洞
Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions that stems from a missing authorization in maxprofile/users/routes.lua. An attacker could exploit the vulnerability t...
CVE-2024-54927
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deleteusers.php...
CVE-2024-40443
SQL Injection vulnerability in Simple Laboratory Management System using PHP and MySQL v.1.0 allows a remote attacker to cause a denial of service via the deleteusers function in the Useres.php...
SOCIFI Guest wifi 安全漏洞
SOCIFI Guest wifi is a web portal of SOCIFI UK. A security vulnerability exists in SOCIFI Guest wifi. An attacker exploiting this vulnerability could switch to another guest dashboard and perform actions such as modifying users, deleting users, etc...
PT-2024-10906 · Socifi · Socifi Guest Wifi
Name of the Vulnerable Software and Affected Versions: SOCIFI Socifi Guest wifi as SAAS wifi portal affected versions not specified Description: The issue concerns insecure permissions, allowing any authorized customer with partner mode to switch to another customer dashboard. This enables them t...
PT-2024-37150 · WordPress · Tutor Lms Pro
Name of the Vulnerable Software and Affected Versions: The Tutor LMS Pro plugin for WordPress versions up to, and including, 2.7.2 Description: The issue allows authenticated attackers with subscriber-level access and above to perform administrative actions on the site, such as deleting comments,...
CVE-2024-7667
A vulnerability, which was classified as critical, was found in SourceCodester Car Driving School Management System 1.0. This affects the function deleteusers of the file User.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The...