29 matches found

CNNVD
added 2026/06/01 12:0 a.m. · 7 views

Nextcloud Calendar Information Disclosure Vulnerability

NextCloud Calendar is an open-source calendar application developed by NextCloud. There were information leakage vulnerabilities in versions 5.5.13 to 5.5.17 and 6.2.0 to 6.2.3 of NextCloud Calendar. These vulnerabilities stemmed from the lack of shared restrictions applied to the meeting...

4.3 CVSS · 5.3 AI score · 0.00266 EPSS
Exploits 1 · References 4

ATTACKERKB
added 2026/04/10 7:3 p.m. · 1 views

CVE-2026-33736

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authenticated user including ROLESTUDENT can enumerate all platform users and access personal information (email, phone, roles) via GET /api/users, including administrator accounts. This vulnerability is fixed in 2.0.0-RC.3...

6.5 CVSS · 5.8 AI score · 0.00209 EPSS
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2026/04/09 2:34 p.m. · 15 views

CVE-2026-34578 OPNsense has an LDAP Injection via Unsanitized Username in Authentication

OPNsense is a FreeBSD-based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authentication connector passes the login username directly into an LDAP search filter without calling ldap_escape. An unauthenticated attacker can inject LDAP filter metacharacters into the username field ...

8.2 CVSS · 0.00415 EPSS
Exploits 1 · References 2

Packet Storm News
added 2026/03/11 12:0 a.m. · 2 views

Microsoft Graph Enterprise Intelligence Collector

This Metasploit auxiliary module interacts with the Microsoft Graph API to perform enterprise intelligence collection. It supports authentication using Azure AD application credentials or an existing access token and enables enumeration of Azure users, SharePoint sites, OneDrive files, and Exchan...

5.8 AI score
Exploits 0

Veracode
added 2026/02/03 8:25 a.m. · 5 views

Improper Access Control

weblate is vulnerable to improper access control. The vulnerability is due to insufficient authorization checks in the API, which allows an attacker to retrieve user notification settings or enumerate all users...

4.3 CVSS · 5.5 AI score · 0.00235 EPSS
Exploits 0 · References 2 · Affected Software 1

RedhatCVE
added 2026/01/13 10:52 p.m. · 2 views

CVE-2025-41077

An IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users, access and modify their data. This allows the user's email addresses to be modified and, subsequently, using the password recovery functionality ...

8.6 CVSS · 6.8 AI score · 0.00205 EPSS
Exploits 0 · References 1

Positive Technologies
added 2026/01/12 12:0 a.m. · 4 views

PT-2026-2266

Name of the Vulnerable Software and Affected Versions: Viafirma Inbox version 4.5.13 Description: An IDOR (Insecure Direct Object Reference) issue exists in Viafirma Inbox version 4.5.13. An authenticated user without appropriate privileges can list all users, access, and modify their data. This...

8.6 CVSS · 6.4 AI score · 0.00205 EPSS
Exploits 0 · References 4

RedhatCVE
added 2026/01/07 9:16 a.m. · 2 views

CVE-2025-13812

The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the gamipressajaxgetposts and gamipressajaxgetusers functions in all versions up to, and including...

4.3 CVSS · 5 AI score · 0.00172 EPSS
Exploits 0 · References 1

Positive Technologies
added 2026/01/06 12:0 a.m. · 3 views

PT-2026-1420

Name of the Vulnerable Software and Affected Versions: GamiPress – Gamification plugin for WordPress versions prior to 7.6.2 Description: The GamiPress – Gamification plugin for WordPress is susceptible to unauthorized data access. A missing capability check in the gamipress ajax get posts and...

4.3 CVSS · 6 AI score · 0.00172 EPSS
Exploits 0 · References 7

Packet Storm
added 2024/09/01 12:0 a.m. · 158 views

WordPress ChopSlider3 Id SQL Injection Scanner

This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Module name: 'WordPress ChopSlider3 id SQLi Scanner'. Description: The iDangero.us Chop Slider 3 WordPress plugin version 3.4 and prior contains a blind...

9.8 CVSS · 7 AI score · 0.95657 EPSS
Exploits 8

Cvelist
added 2023/05/18 12:0 a.m. · 21 views

CVE-2023-20184 Cisco DNA Center Software API Vulnerabilities

Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these...

5.4 CVSS · 6.2 AI score · 0.00485 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2023/05/17 4:0 p.m. · 2 views

CVE-2023-20184

Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these...

5.4 CVSS · 6.1 AI score · 0.00485 EPSS
Exploits 0 · References 2

ATTACKERKB
added 2023/05/17 4:0 p.m. · 3 views

CVE-2023-20182

Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these...

8.8 CVSS · 7.5 AI score · 0.00624 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/05/11 12:0 a.m. · 3 views

PT-2023-23332 · Unknown · Cassia Access Controller

Name of the Vulnerable Software and Affected Versions: Cassia Access controller versions prior to 2.1.1.2203171453 Description: The issue allows read-only users to enumerate all other users and discover sensitive information, including e-mail addresses, phone numbers, and privileges of all other...

5.3 CVSS · 5.2 AI score · 0.01155 EPSS
Exploits 1 · References 6

NVD
added 2022/06/16 10:15 p.m. · 10 views

CVE-2022-33755

CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users...

5.3 CVSS · 0.00926 EPSS
Exploits 0 · References 1

Prion
added 2022/06/16 10:15 p.m. · 13 views

Input validation

CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users...

5 CVSS · 5.3 AI score · 0.00926 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2022/06/16 9:23 p.m. · 11 views

CVE-2022-33755

CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users...

5.5 AI score · 0.00926 EPSS
Exploits 0 · References 1

CNNVD
added 2021/12/20 12:0 a.m. · 2 views

Solarwinds Orion Platform Access Control Error Vulnerability

Solarwinds Orion Platform is a network fault and network performance management platform from Solarwinds, Inc. The platform provides real-time monitoring and analysis of network devices, as well as support for customized web interfaces, multiple user opinions, and a mapped view of the entire...

6.8 CVSS · 5.2 AI score · 0.00886 EPSS
Exploits 0 · References 4

Prion
added 2020/09/17 1:15 a.m. · 27 views

Information disclosure

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0...

5 CVSS · 5 AI score · 0.99603 EPSS
Exploits 8 · References 2 · Affected Software 3

Kitploit
added 2020/09/07 2:38 a.m. · 103 views

SQLMap v1.4.9 - Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...

8.5 AI score
Exploits 0 · References 9