Lucene search
K

147 matches found

Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.20 views

PT-2026-6547

Name of the Vulnerable Software and Affected Versions Quick.Cart version 6.7 Quick.Cart affected versions not specified Description User passwords are stored in plaintext. An attacker with high privileges can view user passwords on the user editing page. The vendor was notified of this issue but...

6.9CVSS5.5AI score0.00268EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.10 views

PT-2026-5034

Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 7.0.4 Description OpenEMR is an electronic health records and medical practice management application. A broken access control exists in the Profile Edit endpoint. An authenticated user can modify request parameters...

8.8CVSS5.3AI score0.00333EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2025/12/01 2:16 p.m.5 views

CVE-2025-66385

UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges e.g., obtain a higher role such as admin via the user-edit endpoint by supplying or modifying roleid or organisationid fields in the edit request...

9.4CVSS7AI score0.00368EPSS
Exploits0References1
NVD
NVD
added 2025/11/28 7:15 a.m.7 views

CVE-2025-66385

UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges e.g., obtain a higher role such as admin via the user-edit endpoint by supplying or modifying roleid or organisationid fields in the edit request...

9.4CVSS0.00368EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/28 12:0 a.m.3 views

CVE-2025-66385

UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges e.g., obtain a higher role such as admin via the user-edit endpoint by supplying or modifying roleid or organisationid fields in the edit request...

9.4CVSS6.6AI score0.00368EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/28 12:0 a.m.10 views

PT-2025-48317

Name of the Vulnerable Software and Affected Versions Cerebrate versions prior to 1.30 Description The UsersController::edit function in Cerebrate allows an authenticated, non-privileged user to escalate their privileges, potentially obtaining a higher role such as administrator. This is achieved...

9.4CVSS6.7AI score0.00368EPSS
Exploits0References10
OSV
OSV
added 2025/11/28 12:0 a.m.6 views

CVE-2025-66385

UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges e.g., obtain a higher role such as admin via the user-edit endpoint by supplying or modifying roleid or organisationid fields in the edit request...

9.4CVSS6.9AI score0.00368EPSS
Exploits0References5
OSV
OSV
added 2025/11/17 2:15 a.m.10 views

CVE-2025-13257

A security vulnerability has been detected in itsourcecode Inventory Management System 1.0. The affected element is an unknown function of the file /admin/user/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has be...

9.8CVSS5.8AI score0.00379EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/11/17 12:0 a.m.6 views

Inventory Management System SQL注入漏洞

Inventory Management System is an inventory management system by stemword individual developers. A SQL injection vulnerability exists in Inventory Management System version 1.0, which originates from an incorrect manipulation of the parameter ID in the file /admin/user/index.php?view=edit, which...

9.8CVSS7.8AI score0.00379EPSS
Exploits1References6
OSV
OSV
added 2025/10/27 3:15 p.m.4 views

CVE-2025-12288

A vulnerability was detected in Bdtask Pharmacy Management System up to 9.4. Affected is an unknown function of the file /user/edituser/ of the component User Profile Handler. Performing manipulation results in authorization bypass. Remote exploitation of the attack is possible. The exploit is no...

8.8CVSS5.5AI score0.00429EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.8 views

Bdtask Pharmacy Management System 安全漏洞

Bdtask Pharmacy Management System is a pharmacy management system from Bdtask Bangladesh. A security vulnerability exists in Bdtask Pharmacy Management System version 9.4 and earlier, which stems from an incorrect manipulation of the file /user/edituser, which could lead to authorization bypass...

8.8CVSS4.8AI score0.00429EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/10/11 9:22 p.m.15 views

CVE-2025-11585

A vulnerability was found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /useredit.php. The manipulation of the argument uid results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

9.8CVSS6.9AI score0.00387EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-23982

Malware in sbrugna...

6.1CVSS6.3AI score0.008EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-1843

Malware in sbrugna...

8.8CVSS8.8AI score0.0065EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2019-8023

Malware in sbrugna...

5.4CVSS5.6AI score0.00563EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-49384

Malicious code in bioql PyPI...

9.8CVSS9.4AI score0.00873EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-31389

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00308EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-2588

Malicious code in bioql PyPI...

3.8CVSS4.3AI score0.00366EPSS
Exploits0References3
OSV
OSV
added 2025/09/26 8:15 p.m.4 views

CVE-2025-11041

A vulnerability has been found in itsourcecode Open Source Job Portal 1.0. Affected by this issue is some unknown functionality of the file /admin/user/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit h...

8.8CVSS5.7AI score
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/09/26 8:2 p.m.6 views

CVE-2025-11041 itsourcecode Open Source Job Portal index.php sql injection

A vulnerability has been found in itsourcecode Open Source Job Portal 1.0. Affected by this issue is some unknown functionality of the file /admin/user/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit h...

6.5CVSS6.8AI score0.00308EPSS
Exploits1References5
Rows per page
Query Builder