EUVD-2026-34995
A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file src\main\java\org\jeecg\modules\system\controller\SysUserController.java of the component User List Endpoint. The manipulation of the argument salt leads to informatio...
CVE-2026-11464
A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file src\main\java\org\jeecg\modules\system\controller\SysUserController.java of the component User List Endpoint. The manipulation of the argument salt leads to informatio...
CVE-2026-11464 JeecgBoot User List Endpoint SysUserController.java queryPageList information disclosure
A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file src\main\java\org\jeecg\modules\system\controller\SysUserController.java of the component User List Endpoint. The manipulation of the argument salt leads to informatio...
CVE-2020-36968
M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for al...
CVE-2025-11580
A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks...
CVE-2025-11580
PowerJob up to version 5.1.2 contains broken access control in the /user/list function, allowing remote unauthorized access. Multiple sources (NVD, Red Hat, CIRCL, nuclei template, PTSecurity, CNNVD, CVE CVE-2025-11580) describe that the vulnerability enables remote exploitation with public explo...
EUVD-2025-33758
A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited...
PT-2025-41581
Name of the Vulnerable Software and Affected Versions PowerJob versions through 5.1.2 Description A flaw exists in PowerJob that relates to missing authorization within the function list of the /user/list file. This issue can be exploited remotely. The exploit is publicly available. The vulnerabl...
PowerJob security vulnerability
PowerJob is an open source distributed computing and job scheduling framework from PowerJob Open Source that allows developers to easily schedule tasks in their applications. A security vulnerability exists in PowerJob 5.1.2 and earlier versions, which stems from a lack of authorization checking ...
EUVD-2025-33404
In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in user/list is not securely filtered, resulting in a SQL injection vulnerability...
CVE-2025-60265
The CVE-2025-60265 issue affects xckk v9.6 and is caused by insufficient filtering of the orderBy parameter in the /user/list endpoint, enabling SQL injection. The vulnerability is documented across multiple sources (e.g., Red Hat CVE page, EUVD/ENISA entries, and PT-2025-41411) with a described ...
xckk security vulnerability
xckk small dishes low-code development platform is a low-code development platform open-sourced by China Cloud Network Software bestfeng. A security vulnerability exists in xckk v9.6, which stems from the orderBy parameter in user/list not being securely filtered, which may lead to SQL injection...
Linux Distros Unpatched Vulnerability : CVE-2018-18248
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline que...
CVE-2025-45617
Incorrect access control in the component /user/list of productionssm v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload...
CVE-2024-57698
An issue in modernwms v.1.0 allows an attacker to view the MD5 hash of the administrator password and other attributes without authentication, even after initial configuration and password change. This happens due to excessive exposure of information and the lack of adequate access control on the...
PT-2024-30171 · Unknown · Kashipara Music Management System
Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0 Description: An Incorrect Access Control vulnerability was found in "/music/index.php?page=user list" and "/music/index.php?page=edit user" in Kashipara Music Management System. This allows a low...
PT-2023-27138 · Sourcecodester · Sourcecodester Simple Online Mens Salon Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Online Mens Salon Management System version 1.0 Description: A vulnerability was found in the system, classified as problematic, affecting some unknown processing of the file "/admin/?page=user/list". The manipulation of...
PT-2023-16677 · Unknown · Sourcecodester Sales Tracker Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Sales Tracker Management System version 1.0 Description: A vulnerability was found in the SourceCodester Sales Tracker Management System, affecting the file "admin/?page=user/list". This issue leads to cross-site request forger...