Lucene search
K

230 matches found

Cvelist
Cvelist
added 2026/02/18 12:0 a.m.29 views

CVE-2025-70152

code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/saveuser.php and /admin/updateuser.php. These endpoints lack authentication checks and directly concatenate user-supplied POST parameters firstname, lastname,...

9.8CVSS0.00398EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/02/09 1:33 a.m.5 views

CVE-2025-15027

The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jayloginregisterajaxcreatefinaluser' function. This makes it possible for...

9.8CVSS5.5AI score0.00412EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/08 7:13 a.m.11 views

CVE-2026-2076

A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\UserController.java of the component User...

8.8CVSS6.2AI score0.00262EPSS
Exploits1References1
NVD
NVD
added 2026/02/08 2:15 a.m.7 views

CVE-2025-15100

The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jaypanelajaxupdateprofile' function. This makes it possible for authenticated...

8.8CVSS0.0031EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/08 1:22 a.m.4 views

CVE-2025-15027

The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jayloginregisterajaxcreatefinaluser' function. This makes it possible for...

9.8CVSS5.5AI score0.00412EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/08 12:0 a.m.8 views

WordPress plugin JAY Login & Register 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The WordPres...

9.8CVSS5.9AI score0.00412EPSS
Exploits0References3
NVD
NVD
added 2026/02/07 7:15 a.m.7 views

CVE-2026-2076

A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\UserController.java of the component User...

8.8CVSS0.00262EPSS
Exploits1References6
EUVD
EUVD
added 2026/02/07 6:32 a.m.9 views

EUVD-2026-5747

A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\UserController.java of the component User...

6.5CVSS5.2AI score0.00262EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/02/07 6:32 a.m.5 views

CVE-2026-2076

A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\UserController.java of the component User...

6.5CVSS6.2AI score0.00262EPSS
Exploits1References6
CVE
CVE
added 2026/02/07 6:32 a.m.21 views

CVE-2026-2076

A vulnerability (CVE-2026-2076) affects the yeqifu warehouse project, specifically the User Management Endpoint. The flaw resides in the UserController.java functions addUser, updateUser, and deleteUser, causing improper authorization. The issue can be triggered remotely, and public exploitabilit...

8.8CVSS6.2AI score0.00262EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/24 8:26 a.m.2 views

CVE-2025-15516 All-in-One Video Gallery 4.1.0 - 4.6.4 - Missing Authorization to Authenticated (Subscriber+) Limited User Meta Update

The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcallbackstoreusermeta function in versions 4.1.0 to 4.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

4.3CVSS6AI score0.00161EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.5 views

CVE-2026-0852

A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminUpdateUser.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been...

9.8CVSS7AI score0.00326EPSS
Exploits1References1
OSV
OSV
added 2026/01/12 1:15 a.m.9 views

CVE-2026-0852

A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminUpdateUser.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been...

9.8CVSS5.7AI score
Exploits0References5
NVD
NVD
added 2026/01/12 1:15 a.m.11 views

CVE-2026-0852

A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminUpdateUser.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been...

9.8CVSS0.00326EPSS
Exploits1References5
EUVD
EUVD
added 2026/01/12 12:2 a.m.8 views

EUVD-2026-1957

A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminUpdateUser.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been...

7.5CVSS6.4AI score0.00326EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/01/12 12:2 a.m.31 views

CVE-2026-0852 code-projects Online Music Site AdminUpdateUser.php sql injection

A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminUpdateUser.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been...

7.5CVSS0.00326EPSS
Exploits1References5
CVE
CVE
added 2026/01/12 12:2 a.m.27 views

CVE-2026-0852

CVE-2026-0852 affects code-projects Online Music Site 1.0. The vulnerability is a SQL injection in the unknown function of the file /Administrator/PHP/AdminUpdateUser.php, triggered by manipulation of the ID argument. The attack can be executed remotely and the exploit has been released publicly....

9.8CVSS7.2AI score0.00326EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/01/12 12:0 a.m.4 views

Code-Projects Online Music Site SQL注入漏洞

Code-Projects Online Music Site is a Code-Projects open source online music site. A SQL injection vulnerability exists in code-projects Online Music Site version 1.0, which stems from incorrect manipulation of the parameter ID in the file /Administrator/PHP/AdminUpdateUser.php, which can lead to...

9.8CVSS7.7AI score0.00326EPSS
Exploits1References5
CNVD
CNVD
added 2025/12/25 12:0 a.m.4 views

Student File Management System user_id Parameter SQL Injection Vulnerability

Student File Management System is a student file management system. A SQL injection vulnerability exists in Student File Management System, which originates from the lack of validation of an externally entered SQL statement in the parameter userid in the file /admin/updateuser.php. An attacker ca...

9.8CVSS7.9AI score0.00333EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/15 2:35 p.m.4 views

CVE-2025-14662

A vulnerability was found in code-projects Student File Management System 1.0. This affects an unknown part of the file /admin/updateuser.php of the component Update User Page. Performing manipulation results in cross site scripting. The attack may be initiated remotely. The exploit has been made...

5.4CVSS5.5AI score0.00193EPSS
Exploits1References1
Rows per page
Query Builder