Lucene search
K

535 matches found

Vulnrichment
Vulnrichment
added 2026/05/16 3:26 p.m.14 views

CVE-2021-47934 MyBB Timeline Plugin 1.0 Cross-Site Scripting and CSRF

MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like Location and Bio. Attackers can also exploit a cross-site request forgery vulnerability in the timeline.php...

6.9CVSS5.7AI score0.00232EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/05/13 9:43 a.m.12 views

WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.9.8.4 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by Jonah Burgess CryptoCat in WordPress Plugin ProfileGrid versions = 5.9.8.4...

6.5CVSS5.9AI score0.00269EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/05/06 5:5 p.m.12 views

Incorrect Authorization

Overview auth0-js is an Auth0 headless browser sdk Affected versions of this package are vulnerable to Incorrect Authorization via token validation. An attacker can gain unauthorized access to user profile information by providing a specifically crafted invalid ID token along with a valid access...

6CVSS5.8AI score0.00211EPSS
Exploits0References2
Cisco
Cisco
added 2026/05/06 4:0 p.m.18 views

Cisco Slido Insecure Direct Object Reference Vulnerability

A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed. This vulnerability existed...

5.4CVSS5.8AI score0.00168EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/28 11:41 a.m.9 views

CVE-2026-5779

An insecure direct object reference IDOR vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the information of other registered users. Successful exploitation of this vulnerability allows an...

9.4CVSS5.3AI score0.00252EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/17 12:31 a.m.5 views

EUVD-2024-55551

Vision Helpdesk before 5.7.0 patched in 5.6.10 allows attackers to read user profiles via modified serialized cookie data to visclientid...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References3
NVD
NVD
added 2026/04/16 11:16 p.m.5 views

CVE-2024-58343

Vision Helpdesk before 5.7.0 patched in 5.6.10 allows attackers to read user profiles via modified serialized cookie data to visclientid...

4.3CVSS0.00168EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/16 10:27 p.m.7 views

CVE-2024-58343

Vision Helpdesk before 5.7.0 patched in 5.6.10 allows attackers to read user profiles via modified serialized cookie data to visclientid...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/16 10:27 p.m.4 views

CVE-2024-58343

Vision Helpdesk before 5.7.0 patched in 5.6.10 allows attackers to read user profiles via modified serialized cookie data to visclientid...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/16 10:27 p.m.20 views

CVE-2024-58343

Vision Helpdesk before 5.7.0 patched in 5.6.10 allows attackers to read user profiles via modified serialized cookie data to visclientid...

4.3CVSS0.00168EPSS
Exploits0References2
CVE
CVE
added 2026/04/16 10:27 p.m.9 views

CVE-2024-58343

CVE-2024-58343 affects Vision Helpdesk versions prior to 5.7.0, with a patch available in 5.6.10. The issue allows attackers to read user profiles by tampering serialized cookie data in vis_client_id. The CVSS v3.1 base score is 4.3 (MEDIUM) with network attack vector, low attack complexity, and ...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.11 views

Vision Helpdesk 安全漏洞

Vision Helpdesk is a customer service software developed by Vision Helpdesk Company in India. Versions of Vision Helpdesk prior to 5.7.0 contained security vulnerabilities, which were caused by improper handling of serialized cookie data. This vulnerability could lead to the reading of user...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.10 views

PT-2026-33372

CVE-2024-58343 Vision Helpdesk before 5.7.0 patched in 5.6.10 allows attackers to read user profiles via modified serialized cookie data to vis client id. https://t.co/8Cf7DKLrcr...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/04 1:51 p.m.9 views

CVE-2018-25247 MyBB Like Plugin 3.0.0 Cross-Site Scripting via User Profiles

MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating posts or threads with unvalidated subject content. Attackers can craft post subjects containing script tags that execute when other users view the attacker's profile,...

6.1CVSS5.7AI score0.00221EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/04 1:51 p.m.16 views

CVE-2018-25247 MyBB Like Plugin 3.0.0 Cross-Site Scripting via User Profiles

MyBB Like Plugin 3.0.0 contains a stored cross-site scripting vulnerability. Authenticated attackers can inject script payloads into post or thread subjects; when other users view a profile that displays the attacker's liked posts, the unsanitized subject is rendered, executing the script in the...

6.1CVSS0.00221EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/03 9:31 p.m.7 views

EUVD-2026-18831

A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call...

9.3CVSS5.9AI score0.00295EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 5:5 p.m.3 views

CVE-2026-25417

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Stored XSS.This issue affects ProfileGrid : from n/a through = 5.9.8.1...

6.5CVSS5.8AI score0.00156EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.8 views

WWBN AVideo 跨站脚本漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from a flaw in the order of cleaning operations for the about field in user profiles, which...

5.4CVSS5.9AI score0.00176EPSS
Exploits1References2
NVD
NVD
added 2026/03/21 12:16 a.m.5 views

CVE-2026-33425

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, unauthenticated users can determine whether a specific user is a member of a private group by observing changes in directory results when using the excludegroups parameter. Versions...

6.9CVSS0.00207EPSS
Exploits0References1
OSV
OSV
added 2026/03/20 11:12 p.m.7 views

CVE-2026-33425 Discourse has inferable private group membership or existence via exclude_groups parameter

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, unauthenticated users can determine whether a specific user is a member of a private group by observing changes in directory results when using the excludegroups parameter. Versions...

6.9CVSS5.9AI score0.00207EPSS
Exploits0References3
Rows per page
Query Builder