535 matches found
CVE-2025-67282
In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass vulnerabilities exists which allow a low privileged user to download password hashes of other user, access work items of other user, modify restricted content in workflows, modify the applications logo and manipulate the profi...
PT-2025-52548
Name of the Vulnerable Software and Affected Versions Ultimate Member plugin for WordPress versions prior to 2.11.1 Description The Ultimate Member plugin for WordPress is affected by a sensitive information exposure issue. Insufficient authorization checks on an unauthenticated AJAX endpoint,...
CVE-2023-53905 ProjectSend r1605 CSV Injection via User Account Export Functionality
ProjectSend r1605 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into user profile names. Attackers can craft payloads like =calc|a!z| in the name field to trigger code execution when administrators export action logs as CSV files...
CVE-2025-13217
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the YouTube Video 'value' field in all versions up to, and including, 2.11.0. This is due to insufficient input...
CVE-2022-47425
ARMember for WordPress
CVE-2022-47425 WordPress ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin <= 3.4.10 - Broken Access Control
Missing Authorization vulnerability in Repute Infosystems ARMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ARMember: from n/a through 3.4.10...
Socomec Easy Config System 安全漏洞
Socomec Easy Config System is a free software tool developed by Socomec for fast, reliable and flexible configuration of its power monitoring and measurement equipment. An authentication bypass vulnerability exists in Socomec Easy Config System, which stems from an authentication bypass in the us...
Socomec Easy Config System User profile management authentication bypass vulnerability
Talos Vulnerability Report TALOS-2024-2117 Socomec Easy Config System User profile management authentication bypass vulnerability December 1, 2025 CVE Number CVE-2024-45370 SUMMARY An authentication bypass vulnerability exists in the User profile management functionality of Socomec Easy Config...
ASB-A-337775777
In multiple locations, there is a possible way to leak audio files across user profiles due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-64067
Primakon Pi Portal 1.0.18 API endpoints responsible for retrieving object-specific or filtered data e.g., user profiles, project records fail to implement sufficient server-side validation to confirm that the requesting user is authorized to access the requested object or dataset. This...
EUVD-2025-199636
Primakon Pi Portal 1.0.18 API endpoints responsible for retrieving object-specific or filtered data e.g., user profiles, project records fail to implement sufficient server-side validation to confirm that the requesting user is authorized to access the requested object or dataset. This...
CVE-2025-64067
Primakon Pi Portal 1.0.18 API endpoints responsible for retrieving object-specific or filtered data e.g., user profiles, project records fail to implement sufficient server-side validation to confirm that the requesting user is authorized to access the requested object or dataset. This...
Reolink desktop application 安全漏洞
Reolink desktop application is a security camera monitoring software from Reolink USA. A security vulnerability exists in the Reolink desktop application that stems from the use of hard-coded and predictable AES encryption keys to encrypt user profiles, which could lead to a local attacker...
PT-2025-41511
Name of the Vulnerable Software and Affected Versions Contacts versions prior to SMR Oct-2025 Release 1 Description An improper input validation issue exists in Contacts prior to the SMR Oct-2025 Release 1. This allows local attackers to access data across multiple user profiles. The vulnerabilit...
EUVD-2007-0112
Malware in sbrugna...
EUVD-2019-14143
Malware in sbrugna...
EUVD-2008-6873
Malware in sbrugna...
EUVD-2007-1171
Malware in sbrugna...
EUVD-2007-6463
Malware in sbrugna...
EUVD-2008-1729
Malware in sbrugna...