Lucene search
K

2218 matches found

cnnvd
cnnvd
added 2026/04/21 12:0 a.m.13 views

Oracle User Management 安全漏洞

Oracle User Management is a user management system developed by Oracle, a company in the United States. There are security vulnerabilities in versions 12.2.7 to 12.2.15 of Oracle User Management. These vulnerabilities stem from issues with the Workflow and Business Events component. They may allo...

3.8CVSS7.3AI score0.00193EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/04/21 12:0 a.m.10 views

PT-2026-34082

Vulnerability in the Oracle User Management product of Oracle E-Business Suite component: Workflow and Business Events. Supported versions that are affected are 12.2.7-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User...

3.8CVSS5.7AI score0.00193EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/04/20 1:15 a.m.4 views

CVE-2026-6592

A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/usermanager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclose...

5.1CVSS3.8AI score0.00253EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/04/20 12:0 a.m.10 views

PT-2026-33686

A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/user manager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclos...

5.1CVSS3.8AI score0.00253EPSS
Exploits0References5
nvd
nvd
added 2026/04/18 1:16 a.m.10 views

CVE-2026-40350

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can access the user-management endpoints /settings/users and use them to enumerate all users and create a new administrator account. This happens because the route...

8.8CVSS0.00441EPSS
Exploits1References4
attackerkb
attackerkb
added 2026/04/18 12:7 a.m.6 views

CVE-2026-40350

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can access the user-management endpoints /settings/users and use them to enumerate all users and create a new administrator account. This happens because the route...

8.8CVSS5.7AI score0.00441EPSS
Exploits1References5Affected Software1
euvd
euvd
added 2026/04/18 12:7 a.m.9 views

EUVD-2026-23632

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can access the user-management endpoints /settings/users and use them to enumerate all users and create a new administrator account. This happens because the route...

8.8CVSS5.7AI score0.00441EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2026/04/18 12:0 a.m.13 views

PT-2026-33548

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can access the user-management endpoints /settings/users and use them to enumerate all users and create a new administrator account. This happens because the route...

8.8CVSS5.7AI score0.00441EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2026/04/14 12:0 a.m.7 views

PT-2026-32607

Name of the Vulnerable Software and Affected Versions SINEC NMS versions prior to 4.0 SP3 with UMC Description An authentication weakness exists in the UMC component due to insufficient validation of user identity. This flaw allows an unauthenticated remote attacker to bypass authentication and...

7.3CVSS5.8AI score0.00251EPSS
Exploits0References5
ics
ics
added 2026/04/14 12:0 a.m.12 views

Siemens SINEC NMS

SUMMARY Siemens SINEC NMS when used with User Management Component UMC contains an authentication bypass vulnerability due to insufficient validation of user identity. This could allow an unauthenticated remote attacker to bypass authentication and gain unauthorized access to the application...

7.3CVSS5.8AI score0.00251EPSS
Exploits0References10
euvd
euvd
added 2026/04/13 9:31 a.m.3 views

EUVD-2026-21883

The ZTE ZXEDM iEMS product has a password reset vulnerability for any user.Because the management of the cloud EMS portal does not properly control access to the user list acquisition function, attackers can read all user list information through the user list interface. Attackers can reset the...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References2
nvd
nvd
added 2026/04/07 3:17 p.m.9 views

CVE-2026-5378

An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N 5.8 Medium. This issue was fix...

6.8CVSS0.00191EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/04/06 12:0 a.m.7 views

Keycloak 访问控制错误漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a vulnerability related to access control, which stems from a header injection vulnerability in the user management access token endpoint. This vulnerability may lead to the disclosure of...

5.3CVSS5.8AI score0.00253EPSS
Exploits0References2
euvd
euvd
added 2026/04/05 6:32 a.m.4 views

EUVD-2026-19036

A vulnerability was identified in PHPGurukul User Registration & Login and User Management System 3.3. The affected element is an unknown function of the file /admin/yesterday-reg-users.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible...

6.5CVSS6.5AI score0.00196EPSS
Exploits0References6
nvd
nvd
added 2026/04/05 5:16 a.m.6 views

CVE-2026-5543

A vulnerability was identified in PHPGurukul User Registration & Login and User Management System 3.3. The affected element is an unknown function of the file /admin/yesterday-reg-users.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible...

6.5CVSS0.00196EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/04/05 4:30 a.m.2 views

CVE-2026-5543 PHPGurukul User Registration & Login and User Management System yesterday-reg-users.php sql injection

A vulnerability was identified in PHPGurukul User Registration & Login and User Management System 3.3. The affected element is an unknown function of the file /admin/yesterday-reg-users.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible...

6.5CVSS6.5AI score0.00196EPSS
Exploits0References5
cve
cve
added 2026/04/05 4:30 a.m.18 views

CVE-2026-5543

CVE-2026-5543 affects PHPGurukul User Registration & Login and User Management System 3.3. The vulnerability is in /admin/yesterday-reg-users.php where manipulation of the ID parameter enables SQL injection. Remote exploitation is possible, and a public exploit exists. No product versions, patche...

6.5CVSS6.5AI score0.00196EPSS
Exploits0References5
cnnvd
cnnvd
added 2026/04/05 12:0 a.m.12 views

PHPGurukul User Registration & Login and User Management System SQL注入漏洞

PHPGurukul User Registration & Login and User Management System is a user registration, login, and management system developed by PHPGurukul Corporation. Version 3.3 of the PHPGurukul User Registration & Login and User Management System has a SQL injection vulnerability. This vulnerability arises...

6.5CVSS6.6AI score0.00196EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/04/02 10:54 p.m.7 views

CVE-2026-34571

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, a Stored Cross-Site Scripting Stored XSS vulnerability exists in the backend user management functionality. The application fail...

9.9CVSS6AI score0.00393EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/04/01 11:1 p.m.3 views

CVE-2026-5209

A security vulnerability has been detected in SourceCodester Leave Application System 1.0. Affected by this issue is some unknown functionality of the component User Management Handler. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been...

4.8CVSS4.2AI score0.00253EPSS
Exploits0References1
Rows per page
Query Builder