Lucene search
+L

5 matches found

vulnrichment
vulnrichment
added 2026/04/28 11:41 a.m.6 views

CVE-2026-5779 Multiple vulnerabilities in MphRx's Minerva

An insecure direct object reference IDOR vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the information of other registered users. Successful exploitation of this vulnerability allows an...

9.4CVSS5.3AI score0.00252EPSS
Exploits0References1
github
github
added 2025/09/02 3:31 p.m.13 views

Silverpeas Core Username Enumeration Vulnerability

A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter...

6.5CVSS7AI score0.00331EPSS
Exploits3References5Affected Software1
ptsecurity
ptsecurity
added 2025/09/02 12:0 a.m.7 views

PT-2025-35568

Name of the Vulnerable Software and Affected Versions: Silverpeas versions 6.4.1 through 6.4.2 Description: A user enumeration issue exists in the /CredentialsServlet/ForgotPassword endpoint. This allows remote attackers to determine valid usernames via the Login parameter. Recommendations:...

6.5CVSS6.3AI score0.00331EPSS
Exploits3References7
ptsecurity
ptsecurity
added 2025/01/19 12:0 a.m.6 views

PT-2025-3969 · Facile Sistemas · Facile Sistemas Cloud Apps

Name of the Vulnerable Software and Affected Versions: Facile Sistemas Cloud Apps up to 20250107 Description: A vulnerability was found in the Password Reset Handler component of Facile Sistemas Cloud Apps, affecting an unknown function of the file /account/forgotpassword. The manipulation of the...

5.3CVSS4.1AI score0.00295EPSS
Exploits0References10
ptsecurity
ptsecurity
added 2024/11/22 12:0 a.m.10 views

PT-2024-27750 · Gladinet · Gladinet Centrestack

Name of the Vulnerable Software and Affected Versions: Gladinet CentreStack version 13.12.9934.54690 Description: A reflected cross-site scripting XSS issue allows attackers to inject malicious JavaScript into a victim's web browser via the sessionId parameter at the "/portal/ForgotPassword.aspx"...

5.4CVSS5.7AI score0.00366EPSS
Exploits0References5
Rows per page
Query Builder