23 matches found

CNNVD
added 2026/03/10 12:0 a.m. | 3 views

Feathers authorization issue vulnerability

Feathers is a lightweight web framework developed by Feathers OpenSource. It is used to create APIs and real-time applications using TypeScript or JavaScript. In versions 5.0.0 to 5.0.42 of Feathers, there was an authorization vulnerability. This vulnerability stemmed from the OAuth service’s...

CVSS 9.8 | AI score 5.8 | EPSS 0.0008
Exploits 0 | References 1

CVE
added 2026/01/30 4:16 p.m. | 5 views

CVE-2020-36998

Affected software: Forma.lms The E-Learning Suite 2.3.0.2. Vulnerability: Persistent cross-site scripting in multiple course and profile parameters. Details: Attackers can inject malicious scripts via course code, name, description fields, and the email parameter to execute arbitrary JavaScript d...

CVSS 6.4 | AI score 6 | EPSS 0.00055
Exploits 0 | References 4

Cvelist
added 2026/01/21 5:27 p.m. | 16 views

CVE-2021-47817 OpenEMR 5.0.2.1 - Remote Code Execution

OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability in user profile parameters that authenticated attackers can chain with a file upload to achieve remote code execution. Attackers can exploit the vulnerability by crafting a malicious payload to download and execute a web shell, enablin...

CVSS 5.4 | EPSS 0.0003
Exploits 1 | References 6

CNNVD
added 2026/01/21 12:0 a.m. | 1 view

OpenEMR cross-site scripting vulnerability

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Version 5.0.2.1 of OpenEMR contains a cross-site scripting...

CVSS 5.4 | AI score 5.7 | EPSS 0.0003
Exploits 1 | References 6

CNNVD
added 2026/01/12 12:0 a.m. | 1 view

Kashipara Online Exam System security vulnerability

Kashipara Online Exam System is an online exam system from Kashipara. A security vulnerability exists in version V1.0 of the kashipara Online Exam System, which originates from unvalidated parameters rname, rcollage, rnumber, rgender, and rpassword in the /exam/user/profile.php page, which could...

CVSS 9.1 | AI score 7.7 | EPSS 0.0007
Exploits 1 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-27207

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.6 | EPSS 0.00051
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-14936

Malicious code in bioql PyPI...

CVSS 4.8 | AI score 6.6 | EPSS 0.00166
Exploits 2 | References 3

RedhatCVE
added 2025/09/11 3:19 a.m. | 2 views

CVE-2025-42918

SAP NetWeaver Application Server for ABAP allows authenticated users with access to background processing to gain unauthorized read access to profile parameters. This results in a low impact on confidentiality, with no impact on integrity or availability...

CVSS 4.3 | AI score 6.4 | EPSS 0.00051
Exploits 0 | References 1

OSV
added 2025/09/09 2:15 a.m. | 2 views

CVE-2025-42918

SAP NetWeaver Application Server for ABAP allows authenticated users with access to background processing to gain unauthorized read access to profile parameters. This results in a low impact on confidentiality, with no impact on integrity or availability...

CVSS 4.3 | AI score 5.8 | EPSS 0.00051
Exploits 0 | References 2

Vulnrichment
added 2025/09/09 2:9 a.m. | 3 views

CVE-2025-42918 Missing Authorization check in SAP NetWeaver Application Server for ABAP (Background Processing)

SAP NetWeaver Application Server for ABAP allows authenticated users with access to background processing to gain unauthorized read access to profile parameters. This results in a low impact on confidentiality, with no impact on integrity or availability...

CVSS 4.3 | AI score 6 | EPSS 0.00051
Exploits 0 | References 2

Cvelist
added 2025/09/09 2:9 a.m. | 6 views

CVE-2025-42918 Missing Authorization check in SAP NetWeaver Application Server for ABAP (Background Processing)

SAP NetWeaver Application Server for ABAP allows authenticated users with access to background processing to gain unauthorized read access to profile parameters. This results in a low impact on confidentiality, with no impact on integrity or availability...

CVSS 4.3 | EPSS 0.00051
Exploits 0 | References 2

CVE
added 2025/09/09 2:9 a.m. | 10 views

CVE-2025-42918

The CVE-2025-42918 vulnerability affects SAP NetWeaver Application Server for ABAP. It arises from missing authorization checks that allow authenticated users with access to background processing to read profile parameters, leading to a low confidentiality impact with no effect on integrity or av...

CVSS 4.3 | AI score 6 | EPSS 0.00051
Exploits 0 | References 2 | Affected Software 1

Positive Technologies
added 2025/09/09 12:0 a.m. | 3 views

PT-2025-36551

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server for ABAP (affected versions not specified). Description: The application allows authenticated users with access to background processing to gain unauthorized read access to profile parameters. This results in a l...

CVSS 4.3 | AI score 5.8 | EPSS 0.00051
Exploits 0 | References 6

CNNVD
added 2025/08/24 12:0 a.m. | 2 views

Multiple Linksys products security vulnerability

Linksys RE6250 and others are wireless extenders from Linksys USA. A security vulnerability exists in various Linksys products, which stems from the incorrect operation of the parameters...

CVSS 9 | AI score 8.9 | EPSS 0.0029
Exploits 1 | References 6

RedhatCVE
added 2025/05/22 11:9 p.m. | 4 views

CVE-2022-36454

A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to impersonate another user's name...

CVSS 6.5 | AI score 6.6 | EPSS 0.00218
Exploits 0

RedhatCVE
added 2025/05/22 9:48 a.m. | 4 views

CVE-2011-4809

Multiple cross-site scripting (XSS) vulnerabilities in the HM Community comhmcommunity component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language, (2) university, (3) persent, (4) companyname, (5) designation, (6) music, (7) books, (8) movies, (9) games, (10)...

CVSS 4.3 | AI score 6 | EPSS 0.00424
Exploits 1 | References 1

RedhatCVE
added 2025/05/16 12:57 a.m. | 12 views

CVE-2025-44184

SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the websiteimage, fname, lname, contact, username, and address parameters...

CVSS 4.8 | AI score 6.1 | EPSS 0.00166
Exploits 2 | References 1

RedhatCVE
added 2025/02/05 4:55 a.m. | 6 views

CVE-2024-10159

A vulnerability classified as critical was found in PHPGurukul Boat Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/profile.php of the component My Profile Page. The manipulation of the argument sadminusername/fullname/emailid/mobilenumber leads t...

CVSS 7.5 | AI score 7.5 | EPSS 0.00092
Exploits 1 | References 1

OSV
added 2022/10/25 6:15 p.m. | 0 views

CVE-2022-36453

A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to control another extension number...

CVSS 8.8 | AI score 5.8 | EPSS 0.0041
Exploits 0 | References 2

NVD
added 2022/10/25 6:15 p.m. | 7 views

CVE-2022-36454

A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to impersonate another user's name...

CVSS 6.5 | EPSS 0.00218
Exploits 0 | References 2