2218 matches found
Oracle User Management 安全漏洞
Oracle User Management is a user management system developed by Oracle, a company in the United States. There are security vulnerabilities in versions 12.2.7 to 12.2.15 of Oracle User Management. These vulnerabilities stem from issues with the Workflow and Business Events component. They may allo...
PT-2026-34082
Vulnerability in the Oracle User Management product of Oracle E-Business Suite component: Workflow and Business Events. Supported versions that are affected are 12.2.7-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User...
CVE-2026-6592
A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/usermanager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclose...
PT-2026-33686
A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/user manager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclos...
CVE-2026-40350
Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can access the user-management endpoints /settings/users and use them to enumerate all users and create a new administrator account. This happens because the route...
CVE-2026-40350
Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can access the user-management endpoints /settings/users and use them to enumerate all users and create a new administrator account. This happens because the route...
EUVD-2026-23632
Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can access the user-management endpoints /settings/users and use them to enumerate all users and create a new administrator account. This happens because the route...
PT-2026-33548
Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can access the user-management endpoints /settings/users and use them to enumerate all users and create a new administrator account. This happens because the route...
PT-2026-32607
Name of the Vulnerable Software and Affected Versions SINEC NMS versions prior to 4.0 SP3 with UMC Description An authentication weakness exists in the UMC component due to insufficient validation of user identity. This flaw allows an unauthenticated remote attacker to bypass authentication and...
Siemens SINEC NMS
SUMMARY Siemens SINEC NMS when used with User Management Component UMC contains an authentication bypass vulnerability due to insufficient validation of user identity. This could allow an unauthenticated remote attacker to bypass authentication and gain unauthorized access to the application...
EUVD-2026-21883
The ZTE ZXEDM iEMS product has a password reset vulnerability for any user.Because the management of the cloud EMS portal does not properly control access to the user list acquisition function, attackers can read all user list information through the user list interface. Attackers can reset the...
CVE-2026-5378
An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N 5.8 Medium. This issue was fix...
Keycloak 访问控制错误漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a vulnerability related to access control, which stems from a header injection vulnerability in the user management access token endpoint. This vulnerability may lead to the disclosure of...
EUVD-2026-19036
A vulnerability was identified in PHPGurukul User Registration & Login and User Management System 3.3. The affected element is an unknown function of the file /admin/yesterday-reg-users.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible...
CVE-2026-5543
A vulnerability was identified in PHPGurukul User Registration & Login and User Management System 3.3. The affected element is an unknown function of the file /admin/yesterday-reg-users.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible...
CVE-2026-5543 PHPGurukul User Registration & Login and User Management System yesterday-reg-users.php sql injection
A vulnerability was identified in PHPGurukul User Registration & Login and User Management System 3.3. The affected element is an unknown function of the file /admin/yesterday-reg-users.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible...
CVE-2026-5543
CVE-2026-5543 affects PHPGurukul User Registration & Login and User Management System 3.3. The vulnerability is in /admin/yesterday-reg-users.php where manipulation of the ID parameter enables SQL injection. Remote exploitation is possible, and a public exploit exists. No product versions, patche...
PHPGurukul User Registration & Login and User Management System SQL注入漏洞
PHPGurukul User Registration & Login and User Management System is a user registration, login, and management system developed by PHPGurukul Corporation. Version 3.3 of the PHPGurukul User Registration & Login and User Management System has a SQL injection vulnerability. This vulnerability arises...
CVE-2026-34571
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, a Stored Cross-Site Scripting Stored XSS vulnerability exists in the backend user management functionality. The application fail...
CVE-2026-5209
A security vulnerability has been detected in SourceCodester Leave Application System 1.0. Affected by this issue is some unknown functionality of the component User Management Handler. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been...