
17 matches found

CVE
added 2026/06/09 3:41 a.m. · 22 views

CVE-2026-9185

CVE-2026-9185 affects the WordPress plugin 6Storage Rentals (versions

CVSS 7.5 · AI score 5.5 · EPSS 0.00403
Exploits: 0 · References: 11

Positive Technologies
added 2026/06/09 12:0 a.m. · 25 views

PT-2026-47684

Name of the Vulnerable Software and Affected Versions 6Storage Rentals versions prior to 2.22.1 Description An authorization bypass exists in the 6Storage Rentals plugin for WordPress. Unauthenticated attackers can read and modify arbitrary tenant profile data, including names, email addresses,...

CVSS 7.5 · AI score 5.3 · EPSS 0.00403
Exploits: 0 · References: 15

CNNVD
added 2026/06/09 12:0 a.m. · 11 views

WordPress plugin 6Storage Rentals security vulnerability

WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the functionality of WordPress. There is a security vulnerability in WordPress Plugin...

CVSS 7.5 · AI score 5.9 · EPSS 0.00403
Exploits: 0 · References: 1

NVD
added 2026/04/10 7:16 p.m. · 4 views

CVE-2026-33708

Chamilo LMS is a learning management system. Prior to 1.11.38, the get_user_info_from_username REST API endpoint returns personal information (email, first name, last name, user ID, active status) of any user to any authenticated user, including students. There is no authorization check. This...

CVSS 6.5 · EPSS 0.00209
Exploits: 0 · References: 2

Cvelist
added 2026/04/10 6:54 p.m. · 18 views

CVE-2026-33708 Chamilo LMS has REST API PII Exposure via get_user_info_from_username

Chamilo LMS is a learning management system. Prior to 1.11.38, the get_user_info_from_username REST API endpoint returns personal information (email, first name, last name, user ID, active status) of any user to any authenticated user, including students. There is no authorization check. This...

CVSS 6.5 · EPSS 0.00209
Exploits: 0 · References: 2

CVE
added 2026/04/10 6:54 p.m. · 9 views

CVE-2026-33708

Chamilo LMS exposes PII via the get_user_info_from_username REST endpoint before version 1.11.38. Any authenticated user (including students) can retrieve another user’s email, first name, last name, user ID, and active status due to missing authorization checks. This has been fixed in 1.11.38. R...

CVSS 6.5 · AI score 5.8 · EPSS 0.00209
Exploits: 0 · References: 2 · Affected Software: 1

ATTACKERKB
added 2026/04/10 6:54 p.m. · 1 views

CVE-2026-33708

Chamilo LMS is a learning management system. Prior to 1.11.38, the get_user_info_from_username REST API endpoint returns personal information (email, first name, last name, user ID, active status) of any user to any authenticated user, including students. There is no authorization check. This...

CVSS 6.5 · AI score 5.8 · EPSS 0.00209
Exploits: 0 · References: 3 · Affected Software: 1

NVD
added 2026/03/08 1:15 a.m. · 7 views

CVE-2026-3693

A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function getuserinfo/updateuserinfo of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument userid causes improper control of resource identifiers. It i...

CVSS 7.5 · EPSS 0.00403
Exploits: 0 · References: 6

Cvelist
added 2026/03/08 12:32 a.m. · 35 views

CVE-2026-3693 Shy2593666979 AgentChat User Endpoint user.py update_user_info resource injection

A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function getuserinfo/updateuserinfo of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument userid causes improper control of resource identifiers. It i...

CVSS 7.5 · EPSS 0.00403
Exploits: 0 · References: 6

Vulnrichment
added 2026/03/08 12:32 a.m. · 3 views

CVE-2026-3693 Shy2593666979 AgentChat User Endpoint user.py update_user_info resource injection

A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function getuserinfo/updateuserinfo of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument userid causes improper control of resource identifiers. It i...

CVSS 7.5 · AI score 6.7 · EPSS 0.00403
Exploits: 0 · References: 6

CNNVD
added 2026/03/08 12:0 a.m. · 10 views

AgentChat security vulnerability

AgentChat is a multi-agent collaborative dialogue system based on large language models, developed by Shy2593663669. Versions of AgentChat 2.3.0 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect handling of the parameter userid in the functions getuserinfo an...

CVSS 7.5 · AI score 7.1 · EPSS 0.00403
Exploits: 0 · References: 7

Cvelist
added 2025/12/07 3:2 a.m. · 21 views

CVE-2025-14183 SGAI Space1 NAS N1211DS gsaiagent JSONAPI GET_USER_INFO credentials storage

A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GET_FACTORY_INFO/GET_USER_INFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The exploit...

CVSS 5.3 · EPSS 0.00227
Exploits: 0 · References: 6

Vulnrichment
added 2025/12/07 3:2 a.m. · 4 views

CVE-2025-14183 SGAI Space1 NAS N1211DS gsaiagent JSONAPI GET_USER_INFO credentials storage

A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GET_FACTORY_INFO/GET_USER_INFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The exploit...

CVSS 5.3 · AI score 6.4 · EPSS 0.00227
Exploits: 0 · References: 6

Positive Technologies
added 2025/12/07 12:0 a.m. · 5 views

PT-2025-49394

A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GET FACTORY INFO/GET USER INFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The...

CVSS 5.3 · AI score 6.7 · EPSS 0.00227
Exploits: 0 · References: 7

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2025-25891

Malicious code in bioql PyPI...

CVSS 9.4 · AI score 6.2 · EPSS 0.00231
Exploits: 0 · References: 1

CVE
added 2025/08/27 10:24 a.m. · 20 views

CVE-2025-30060

The CVE-2025-30060 entry describes a SQL injection vulnerability in the ReturnUserUnitsXML.pl service, where the getUserInfo function is exploitable through the UserID parameter. Root cause: unsanitized user input in a SQL query (UserID) leading to unauthorized data access or modification. Impact...

CVSS 6.9 · AI score 7 · EPSS 0.00198
Exploits: 0 · References: 1

Positive Technologies
added 2025/08/27 12:0 a.m. · 5 views

PT-2025-34855 · Unknown · Returnuserunitsxml.Pl

Name of the Vulnerable Software and Affected Versions: ReturnUserUnitsXML.pl affected versions not specified Description: The getUserInfo function within the ReturnUserUnitsXML.pl service is susceptible to SQL injection via the UserID parameter. Recommendations: As a temporary workaround, conside...

CVSS 9.4 · AI score 7 · EPSS 0.00231
Exploits: 0 · References: 4