170 matches found
Authentication Bypass Using an Alternate Path or Channel
Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the /api/user/updateuser endpoint. An attacker can gain unauthorized access by exploiting this endpoint to bypass authentication mechanisms. Remediation Upgrade...
Linux Distros Unpatched Vulnerability : CVE-2023-1204
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all...
CVE-2023-26120
This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update...
CVE-2023-1204
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A user could use an unverified email as a public email and commit email by sending a specifically...
CVE-2022-31185
mprweb is a hosting platform for the makedeb Package Repository. Email addresses were found to not have been hidden, even if a user had clicked the Hide Email Address checkbox on their account page, or during signup. This could lead to an account's email being leaked, which may be problematic if...
CVE-2022-29180
A vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched and is available in release v0.12.1. We recommend that all users running self-hosted charm instances update immediately. This...
CVE-2021-43841
XWiki is a generic wiki platform offering runtime services for applications built on top of it. When using default XWiki configuration, it's possible for an attacker to upload an SVG containing a script executed when executing the download action on the file. This problem has been patched so that...
PT-2025-20853 · Ozw772 +1 · Ozw772 +1
Name of the Vulnerable Software and Affected Versions: OZW672 versions prior to V6.0 OZW772 versions prior to V6.0 Description: A vulnerability has been identified in the web service of affected devices, making it vulnerable to SQL injection when checking authentication data. This could allow an...
CVE-2025-3382
A vulnerability has been found in joey-zhou xiaozhi-esp32-server-java up to a14fe8115842ee42ab5c7a51706b8a85db5200b7 and classified as critical. This vulnerability affects the function update of the file /api/user/update. The manipulation of the argument state leads to sql injection. The attack c...
CVE-2025-3339
A vulnerability classified as critical was found in codeprojects Online Restaurant Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/userupdate.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely...
Online Restaurant Management System 注入漏洞
Online Restaurant Management System is a Code-projects open source online restaurant management system. An injection vulnerability exists in Online Restaurant Management System version 1.0, which originates from improper handling of parameter IDs in the /admin/userupdate.php file, which can lead ...
CVE-2025-3256
A vulnerability was found in xujiangfei admintwo 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /user/updateSet. The manipulation of the argument email leads to improper access controls. The attack may be launched remotely. The exploit has bee...
CVE-2025-1687
CVE-2025-1687 affects the Cardealer WordPress theme (
PT-2025-9085 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab-EE versions 16.2 through 17.7.5 GitLab-EE versions 17.8 through 17.8.3 GitLab-EE versions 17.9 through 17.9.0 Description: A vulnerability in GitLab-EE allows a Guest user to read Security policy YAML. Recommendations: For GitLab-EE...
Astra Linux – Vulnerability in Zabbix
A authenticated user with API access e.g., a user with the default User role can be added to any group e.g., Zabbix Administrators. Specifically, a user with access to the user.update API endpoint can be added to any group, except for groups that are disabled or have restricted GUI access...
CVE-2024-41140
CVE-2024-41140 affects Zohocorp ManageEngine Applications Manager versions 174000 and prior, with an incorrect authorization in the update user function. Public documentation from NVD and Red Hat confirms impact to confidentiality and integrity (high), with network attack vector, low attack compl...
CVE-2024-52005 The sideband payload is passed unfiltered to the terminal in git
Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the...
CVE-2024-13070
A vulnerability was found in CodeAstro Online Food Ordering System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/updateusers.php of the component Update User Page. The manipulation of the argument userupd leads to sql injectio...
CodeAstro Online Food Ordering System 注入漏洞
CodeAstro Online Food Ordering System is an online food ordering system from CodeAstro, Inc. An injection vulnerability exists in CodeAstro Online Food Ordering System version 1.0, which stems from an incorrect operation of the parameter userupd that can result in SQL injection...
SUSE CVE-2024-36467
An authenticated user with API access e.g.: user with default User role, more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group e.g.: Zabbix Administrators, except to groups that are disabled or having restricted GUI access...