74 matches found
PT-2026-26545
Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. In versions 1.4.1 and below, a stored Cross-site Scripting XSS vulnerability in the web dashboard's User Mapping dropdown allows any unprivileged Discord user in the...
Anchorr 安全漏洞
Anchorr is an open-source Discord bot developed by openVESSL that integrates media search and notifications. Versions of Anchorr 1.4.1 and earlier contain security vulnerabilities. These vulnerabilities stem from a storage cross-site scripting vulnerability in the Web dashboard user mapping...
CVE-2025-15522
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatordiscordusermapping shortcode in all versions up to, and including, 6.10.0.2 due to insufficient input sanitization and output...
SAP NetWeaver AS Java Sensitive Information Vulnerability (January 2026)
The version of SAP NetWeaver Application Server for Java detected on the remote host is affected by an Sensitive Information vulnerability as disclosed in the SAP Security Patch Day January 2026: - The User Management Engine UME in NetWeaver Application Server for Java NW AS Java utilizes an...
CVE-2026-0510
The User Management Engine UME in NetWeaver Application Server for Java NW AS Java utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. This weakness could allow an attacker with high-privileged access to exploit the vulnerability under specific conditions potentially...
CVE-2026-0510
The User Management Engine UME in NetWeaver Application Server for Java NW AS Java utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. This weakness could allow an attacker with high-privileged access to exploit the vulnerability under specific conditions potentially...
CVE-2026-0510 Obsolete Encryption Algorithm Used in NW AS Java UME User Mapping
The User Management Engine UME in NetWeaver Application Server for Java NW AS Java utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. This weakness could allow an attacker with high-privileged access to exploit the vulnerability under specific conditions potentially...
CVE-2026-0510 Obsolete Encryption Algorithm Used in NW AS Java UME User Mapping
The User Management Engine UME in NetWeaver Application Server for Java NW AS Java utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. This weakness could allow an attacker with high-privileged access to exploit the vulnerability under specific conditions potentially...
PT-2026-2342
Name of the Vulnerable Software and Affected Versions NetWeaver Application Server for Java NW AS Java affected versions not specified Description The User Management Engine UME within the software uses an outdated cryptographic algorithm to encrypt User Mapping data. This could allow an attacker...
EUVD-2019-10124
Malware in sbrugna...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not properly cleaning up user mapping information, which could lead to a memory leak...
CVE-2019-1567
The Expedition Migration tool 1.1.6 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings...
Improper Authorization in Keycloak Organization Mapper Allows Unauthorized Organization Claims
This vulnerability is caused by the improper mapping of users to organizations based solely on email/username patterns. The issue is limited to the token claim level, meaning the user is not truly added to the organization but may appear as such in applications relying on these claims. The risk...
CVE-2024-44965
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix pticlonepgtable alignment assumption Guenter reported dodgy crashes on an i386-nosmp build using GCC-11 that had the form of endless traps until entry stack exhaust and then DF from the stack guard. It turned out that...
kernel: iommufd: Check for uptr overflow
A flaw was found in the iommufd subsystem of the Linux kernel. When setting up a mapping with a user virtual address that wraps past zero or otherwise triggers a pointer/size overflow, the kernel may fail to properly validate and constrain the user-provided values. This can result in a buffer...
SUSE CVE-2020-25717
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation...
createClaim can be circumvented
Lines of code Vulnerability details Impact VTVLVesting.sol has createClaim function for the admins to create claims. However, a malicious admin vector exists inside. The project gives some powerfull access to the admins for some reason as stated on the contest page. And a good intention is to emi...
CVE-2020-25717
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. Mitigation Setting "gensec:requirepac=true" in the smb.conf makes, due to a cache prime in winbind, the DOMAIN\user lookup succeed, provided...
CLSA-2022-1648067939 Fix of CVE: CVE-2021-23192, CVE-2020-25717, CVE-2016-2124
CVE-2016-2124: Fix privilege escalation in Samba SMB1 authentication rhbz2021163 - CVE-2021-23192: Fix DCE/RPC fragment injection vulnerability rhbz2021167 - CVE-2020-25717: Fix privilege escalation in the way Samba maps domain users to local users rhbz2021171...
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2022-1258)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...