Lucene search
K

51 matches found

Positive Technologies
Positive Technologies
added 2025/10/07 12:0 a.m.8 views

PT-2025-40986

Name of the Vulnerable Software and Affected Versions Negotiator version 3.15.2 Description An Insecure Direct Object Reference IDOR exists in Negotiator. This allows an attacker to access or modify unauthorized resources by manipulating requests. The issue involves the userID parameter within th...

5.3CVSS6.4AI score0.00246EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/09/29 12:0 a.m.4 views

PMTicket Project-Management-Software 代码问题漏洞

PMTicket Project-Management-Software is a PMTicket open source agile project management and issue tracking system. A code issue vulnerability exists in PMTicket Project-Management-Software, which stems from incorrect manipulation of the parameter userid of the component Cookie Handler in the file...

7.5CVSS7.4AI score0.00385EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/08/30 6:20 p.m.6 views

CVE-2025-30060

In the ReturnUserUnitsXML.pl service, the "getUserInfo" function is vulnerable to SQL injection through the "UserID" parameter...

6.9CVSS8AI score0.00198EPSS
Exploits0References1
NVD
NVD
added 2025/08/27 11:15 a.m.4 views

CVE-2025-30061

In the "utils/Reporter/OpenReportWindow.pl" service, there is an SQL injection vulnerability through the "UserID" parameter...

6.9CVSS0.00198EPSS
Exploits0References1
NVD
NVD
added 2025/08/27 11:15 a.m.6 views

CVE-2025-30060

In the ReturnUserUnitsXML.pl service, the "getUserInfo" function is vulnerable to SQL injection through the "UserID" parameter...

6.9CVSS0.00198EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/27 10:24 a.m.3 views

CVE-2025-30061 SQL injection in utils/Reporter/OpenReportWindow.pl via the UserID parameter

In the "utils/Reporter/OpenReportWindow.pl" service, there is an SQL injection vulnerability through the "UserID" parameter...

6.9CVSS8.3AI score0.00198EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/27 10:24 a.m.6 views

CVE-2025-30061 SQL injection in utils/Reporter/OpenReportWindow.pl via the UserID parameter

In the "utils/Reporter/OpenReportWindow.pl" service, there is an SQL injection vulnerability through the "UserID" parameter...

6.9CVSS0.00198EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/27 10:24 a.m.4 views

CVE-2025-30060 SQL injection in ReturnUserUnitsXML.pl via the UserID parameter

In the ReturnUserUnitsXML.pl service, the "getUserInfo" function is vulnerable to SQL injection through the "UserID" parameter...

6.9CVSS8.2AI score0.00198EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/27 12:0 a.m.7 views

CGM CLININET SQL注入漏洞

CGM CLININET is a hospital information management system from German company CGM. CGM CLININET suffers from a SQL injection vulnerability that stems from improper handling of the UserID parameter in the getUserInfo function, which could lead to a SQL injection attack...

6.9CVSS7.2AI score0.00198EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/10 12:0 a.m.5 views

PT-2025-32579 · Mattermost · Mattermost Confluence Plugin

Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0 Description: The Mattermost Confluence Plugin does not verify user access to a channel, enabling attackers to create channel subscriptions without authorization through an API call to the...

4CVSS7.1AI score0.00183EPSS
Exploits0References10
OSV
OSV
added 2025/06/30 10:15 a.m.4 views

CVE-2025-6901

A vulnerability was found in code-projects Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /phpaction/removeUser.php. The manipulation of the argument userid leads to sql injection. The attack may be initiated remotely. The exploi...

9.8CVSS5.8AI score0.00399EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/06/23 12:0 a.m.4 views

Code-Projects Inventory Management System 安全漏洞

Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the userid parameter in the /phpaction/changePassword.php file against an externally entered SQL statement. An...

9.8CVSS8.2AI score0.00394EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/05/19 12:0 a.m.4 views

SourceCodester Stock Management System 注入漏洞

SourceCodester Stock Management System is a SourceCodester open source inventory management system. An injection vulnerability exists in SourceCodester Stock Management System version 1.0, which originates from an SQL injection caused by the operation of the parameter userid in the file...

9.8CVSS7.9AI score0.00421EPSS
Exploits1References5
Snyk
Snyk
added 2025/05/17 6:43 a.m.5 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the batchForceLogout operation, accessible via the /monitor/online/batchForceLogout endpoint. A user can bypass authorization controls to force another user offline by supplying a different user's ID in the ids...

6CVSS6.9AI score0.00369EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/10/23 12:0 a.m.3 views

EsafeNet CDG SQL注入漏洞

EsafeNet CDG is a document security management system from EsafeNet. EsafeNet CDG 5 suffers from a SQL injection vulnerability, which originates from the userId parameter of the /com/esafenet/servlet/user/ReUserOrganiseService.java page contains a SQL injection vulnerability...

9.8CVSS7.9AI score0.00569EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/09/02 12:0 a.m.4 views

Huachu Digital Easytest Online Test Platform 安全漏洞

Huachu Digital Easytest Online Test Platform is an online test platform from Huachu Digital. A security vulnerability exists in Huachu Digital Easytest Online Test Platform version 24E01 and earlier, which stems from improper handling of the uid parameter and could allow a remote attacker to...

9.8CVSS7.8AI score0.00487EPSS
Exploits0References2
OSV
OSV
added 2024/04/19 12:15 a.m.3 views

CVE-2024-30938

SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information via the ID parameter in the SEMCMSUser.php component...

9.8CVSS5.9AI score0.00756EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/27 12:0 a.m.3 views

Loan Management System SQL Injection Vulnerability

Loan Management System is a loan management system by razormist individual developers. A SQL injection vulnerability exists in Loan Management System version 1.0, which stems from an incorrect manipulation of the parameter userid that can lead to sql injection...

7.2CVSS8.4AI score0.00763EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/11/03 12:0 a.m.7 views

Best Courier Management System Security Vulnerability

Best Courier Management System is a courier management system by Mayuri K. Individual developer. A security vulnerability exists in Best Courier Management System version v.1.0 that could allow a remote attacker to execute arbitrary code and prompt for privileges via the userID parameter using a...

9.8CVSS7.8AI score0.01509EPSS
Exploits1References3
OSV
OSV
added 2023/06/07 1:15 a.m.2 views

CVE-2021-33223

An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid and role parameters in the out.UsrMgr.php file...

8.8CVSS5.8AI score0.00804EPSS
Exploits1References2
Rows per page
Query Builder