
10 matches found

EUVD
added 2026/03/11 12:21 a.m. · 6 views

EUVD-2026-10884

Parse Server OAuth2 authentication adapter account takeover via identity spoofing...

CVSS 8.8 · AI score 5.8 · EPSS 0.00333
Exploits: 0 · References: 4

GitHub Security Blog
added 2026/03/11 12:21 a.m. · 8 views

Parse Server OAuth2 authentication adapter account takeover via identity spoofing

Impact: The OAuth2 authentication adapter, when configured without the useridField option, only verifies that a token is active via the provider's token introspection endpoint, but does not verify that the token belongs to the user identified by authData.id. An attacker with any valid OAuth2 token...

CVSS 8.8 · AI score 5.8 · EPSS 0.00333
Exploits: 0 · References: 5 · Affected Software: 1

Positive Technologies
added 2026/02/12 12:0 a.m. · 5 views

PT-2026-7926

Prime95 version 29.8 build 6 contains a buffer overflow vulnerability in the user ID input field that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the PrimeNet user ID and proxy host fields to trigger a bind shell on port 3110...

CVSS 9.8 · AI score 6.5 · EPSS 0.00453
Exploits: 0 · References: 4

RedhatCVE
added 2026/01/09 12:33 p.m. · 5 views

CVE-2023-31298

Cross Site Scripting XSS vulnerability in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user...

CVSS 4.8 · AI score 6.5 · EPSS 0.00436
Exploits: 0 · References: 1

NVD
added 2023/12/29 2:15 a.m. · 10 views

CVE-2023-31298

Cross Site Scripting XSS vulnerability in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user...

CVSS 4.8 · EPSS 0.00436
Exploits: 0 · References: 1

OSV
added 2023/12/29 2:15 a.m. · 2 views

CVE-2023-31298

Cross Site Scripting XSS vulnerability in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user...

CVSS 4.8 · AI score 6.1 · EPSS 0.00436
Exploits: 0 · References: 1

Positive Technologies
added 2023/12/28 12:0 a.m. · 4 views

PT-2023-23284 · Unknown · Sesami Cash Point & Transport Optimizer

Name of the Vulnerable Software and Affected Versions: Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 Description: The issue allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user. This is a Cross Site...

CVSS 4.8 · AI score 5.4 · EPSS 0.00436
Exploits: 0 · References: 4

Positive Technologies
added 2022/10/06 12:0 a.m. · 1 views

PT-2022-21134 · Zinc · Zinc

Name of the Vulnerable Software and Affected Versions: Zinc versions v0.1.9 through v0.3.1 Description: The issue is related to Stored Cross-Site Scripting when using the delete user functionality. When an authenticated user deletes a user having an XSS payload in the user id field, the JavaScript...

CVSS 5.4 · AI score 5.6 · EPSS 0.00565
Exploits: 0 · References: 10

CNNVD
added 2021/08/24 12:0 a.m. · 2 views

Cerner Mobile Care SQL injection vulnerability

Cerner Mobile Care is connecting providers, clinical care teams and IT architects with patients. A security vulnerability exists in Cerner Mobile Care version 5.0.0 where an unauthenticated, remote attacker could execute arbitrary SQL commands via a full apostrophe in the default.aspx user ID fie...

CVSS 10 · AI score 8.9 · EPSS 0.02736
Exploits: 0 · References: 3

OSV
added 2020/03/18 7:15 p.m. · 5 views

CVE-2019-12121

An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the ONAPPORTAL/processSingleSignOn UserId field, an attacker is able to decrypt arbitrary information encrypted with the same symmetric key as UserId. All Portal setups are affected...

CVSS 7.5 · AI score 7.2 · EPSS 0.00725
Exploits: 1 · References: 1