15 matches found
CVE-2026-56772 NewsBlur < 14.5.0 - Insecure Direct Object Reference in Social Interactions Endpoint
NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary userid values to the GET /social/interactions endpoint without ownership verification. Attackers can enumerate userid values to access...
EUVD-2026-30603
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, FolderForm uses modelconfig = ConfigDictextra='allow', which permits arbitrary fields to pass through Pydantic validation and be included in modeldumpexcludeunset=True. In...
CVE-2026-33708
Chamilo LMS is a learning management system. Prior to 1.11.38, the getuserinfofromusername REST API endpoint returns personal information email, first name, last name, user ID, active status of any user to any authenticated user, including students. There is no authorization check. This...
EUVD-2000-1162
Malware in sbrugna...
EUVD-2009-4434
Malware in sbrugna...
EUVD-2024-49500
Malicious code in bioql PyPI...
CVE-2021-32653
Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server versions prior to 19.0.11, 20.0.10, or 21.0.2 send user IDs to the lookup server even if the user has no fields set to published. The vulnerability is patched in versions 19.0.11, 20.0.10, and 21.0.2; no workaroun...
CVE-2025-0503
Mattermost 9.11.x
Broadcom Symantec Privileged Access Management 安全漏洞
Broadcom Symantec Privileged Access Management Broadcom Symantec PAM is a security software from Broadcom, Inc. It helps prevent security breaches by protecting sensitive administrative credentials, controlling privileged user access, proactively enforcing security policies, and monitoring and...
CVE-2022-22506
IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user ids may be exposed across tenants. IBM X-Force ID: 227293...
UBUNTU-CVE-2022-3870
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. GitLab allows unauthenticated users to download user avatars using the victim's user ID, on private...
Unspecified vulnerability in Nextcloud (CNVD-2021-39032)
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server that can be exploited by an attacker to send a user ID to a lookup server when the user is not set to a...
Roger Wilco Server 1.4.1 - Unauthorized Audio Stream Denial of Service
source: https://www.securityfocus.com/bid/10025/info A vulnerability has been reported in the Roger Wilco Server, it is reported that a user does not need to connect to the server over the TCP port to have UDP based audio streams handled. Rather the attacker will require knowledge of user ID's...
CVE-2000-1177
bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, and bb-ack.sh in Big Brother BB before 1.5d3 allows remote attackers to determine the existence of files and user ID's by specifying the target file in the HISTFILE parameter...
CVE-2000-1177
CVE-2000-1177 affects Big Brother (BB) prior to 1.5d3, where several scripts (bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, bb-ack.sh) allow remote attackers to determine whether files exist and deduce user IDs by passing a target filename in HISTFILE. The entry bases impact ...