CVE-2026-37981

A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user lookup endpoint allows a remote authenticated user, who owns at least one User-Managed Access UMA resource, to enumerate and harvest personally identifiable information PII for all realm users. By...

CVE-2025-48555

In multiple functions of NotificationStation.java, there is a possible cross-profile information disclosure due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48555

In multiple functions of NotificationStation.java, there is a possible cross-profile information disclosure due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48555

In multiple functions of NotificationStation.java, there is a possible cross-profile information disclosure due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-13785

CVE-2025-13785 affects yungifez Skuul School Management System up to 2.6.5, with the Image Handler processing the /user/profile file leading to information disclosure. The vulnerability is exploitable remotely and has public exploits/disclosures; multiple connected sources confirm the component a...

EUVD-2017-3857

Malware in sbrugna...

CVE-2018-16704

An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers logged in users to view profile page of other users, as demonstrated by navigating to user/3 on demo.gleezcms.org...