Lucene search
K

2213 matches found

EUVD
EUVD
added 2026/04/28 5:44 p.m.6 views

EUVD-2026-26075

NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to privilege escalation, data tampering, information...

9.8CVSS5.4AI score0.00573EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.12 views

NVIDIA NVFlare Dashboard 安全漏洞

NVIDIA NVFlare Dashboard is a federal learning task management and monitoring interface developed by NVIDIA Corporation. The NVFlare Dashboard has security vulnerabilities, which stem from issues with user management and authentication systems. This allows unauthorized attackers to bypass...

9.8CVSS5.8AI score0.00573EPSS
Exploits0References2
NVD
NVD
added 2026/04/27 7:16 a.m.12 views

CVE-2026-7091

A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may...

6.5CVSS0.00201EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/27 5:30 a.m.38 views

CVE-2026-7091 code-projects Invoice System in Laravel User Management user improper authorization

A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may...

6.5CVSS0.00201EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/27 5:30 a.m.8 views

EUVD-2026-25778

A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may...

6.5CVSS6AI score0.00201EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/27 5:30 a.m.5 views

CVE-2026-7091

A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may...

6.5CVSS5AI score0.00201EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/27 5:30 a.m.6 views

CVE-2026-7091 code-projects Invoice System in Laravel User Management user improper authorization

A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may...

6.5CVSS6AI score0.00201EPSS
Exploits0References5
CVE
CVE
added 2026/04/27 5:30 a.m.14 views

CVE-2026-7091

The CVE concerns code-projects Invoice System in Laravel 1.0, specifically the /user file within the User Management Handler. The issue is described as improper authorization, enabling remote exploitation and with a published exploit. CVSS vectors indicate a Network attack vector with low complex...

6.5CVSS6.1AI score0.00201EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.20 views

PT-2026-35359

A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may...

6.5CVSS6.1AI score0.00201EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.11 views

Code-Projects Invoice System in Laravel 安全漏洞

Code-Projects Invoice System in Laravel is an open-source invoice system developed by Code-Projects. Version 1.0 of the Code-Projects Invoice System in Laravel contained a security vulnerability. This vulnerability stemmed from improper handling of the /user file in the User Management Handler...

6.5CVSS6.6AI score0.00201EPSS
Exploits0References1
NVD
NVD
added 2026/04/24 5:16 p.m.5 views

CVE-2026-6911

Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the...

9.8CVSS0.00254EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.12 views

PT-2026-35027

Name of the Vulnerable Software and Affected Versions AWS Ops Wheel affected versions not specified Description Missing JWT signature verification allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application. This enables the ability to read,...

9.8CVSS5.3AI score0.00254EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/21 9:31 p.m.6 views

EUVD-2026-24323

Vulnerability in the Oracle User Management product of Oracle E-Business Suite component: Workflow and Business Events. Supported versions that are affected are 12.2.7-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User...

3.8CVSS5.7AI score0.00193EPSS
Exploits0References2
NVD
NVD
added 2026/04/21 9:16 p.m.13 views

CVE-2026-22014

Vulnerability in the Oracle User Management product of Oracle E-Business Suite component: Workflow and Business Events. Supported versions that are affected are 12.2.7-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User...

3.8CVSS0.00193EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/21 8:35 p.m.12 views

CVE-2026-22014

Vulnerability in the Oracle User Management product of Oracle E-Business Suite component: Workflow and Business Events. Supported versions that are affected are 12.2.7-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User...

3.8CVSS5.7AI score0.00193EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.9 views

PT-2026-34082

Vulnerability in the Oracle User Management product of Oracle E-Business Suite component: Workflow and Business Events. Supported versions that are affected are 12.2.7-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User...

3.8CVSS5.7AI score0.00193EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.13 views

Oracle User Management 安全漏洞

Oracle User Management is a user management system developed by Oracle, a company in the United States. There are security vulnerabilities in versions 12.2.7 to 12.2.15 of Oracle User Management. These vulnerabilities stem from issues with the Workflow and Business Events component. They may allo...

3.8CVSS7.3AI score0.00193EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/20 1:15 a.m.4 views

CVE-2026-6592

A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/usermanager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclose...

5.1CVSS3.8AI score0.00253EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.10 views

PT-2026-33686

A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/user manager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclos...

5.1CVSS3.8AI score0.00253EPSS
Exploits0References5
NVD
NVD
added 2026/04/18 1:16 a.m.10 views

CVE-2026-40350

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can access the user-management endpoints /settings/users and use them to enumerate all users and create a new administrator account. This happens because the route...

8.8CVSS0.00441EPSS
Exploits1References4
Rows per page
Query Builder