170 matches found

Snyk
added 2025/10/02 12:31 p.m. · 3 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the /api/user/updateuser endpoint. An attacker can gain unauthorized access by exploiting this endpoint to bypass authentication mechanisms. Remediation Upgrade...

CVSS 9.3 · AI score 7.3 · EPSS 0.01224
Exploits: 0 · References: 2
Tenable Nessus
added 2025/08/18 12:00 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2023-1204

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all...

CVSS 4.3 · AI score 5 · EPSS 0.00514
Exploits: 0 · References: 2
RedhatCVE
added 2025/05/23 3:27 a.m. · 7 views

CVE-2023-26120

This affects all versions of the package com.xuxueli:xxl-job. An uploaded HTML payload is executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update...

CVSS 6.1 · AI score 6.7 · EPSS 0.00463
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 2:53 a.m. · 4 views

CVE-2023-1204

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A user could use an unverified email as a public email and commit email by sending a specifically...

CVSS 4.3 · AI score 6.9 · EPSS 0.00514
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 12:58 a.m. · 10 views

CVE-2022-31185

mprweb is a hosting platform for the makedeb Package Repository. Email addresses were found to not have been hidden, even if a user had clicked the Hide Email Address checkbox on their account page, or during signup. This could lead to an account's email being leaked, which may be problematic if...

CVSS 5.3 · AI score 7 · EPSS 0.00513
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 10:11 p.m. · 7 views

CVE-2022-29180

A vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory and access or delete anything on the server. This has been patched and the fix is available in release v0.12.1. We recommend that all users running self-hosted charm instances update immediately. This...

CVSS 9.8 · AI score 6.7 · EPSS 0.00745
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 6:52 p.m. · 6 views

CVE-2021-43841

XWiki is a generic wiki platform offering runtime services for applications built on top of it. With the default XWiki configuration, it is possible for an attacker to upload an SVG containing a script that is executed when the download action is invoked on the file. This problem has been patched so that...

CVSS 5.4 · AI score 6.7 · EPSS 0.0087
Exploits: 1
Positive Technologies
added 2025/05/13 12:00 a.m. · 4 views

PT-2025-20853 · Ozw772 +1

Name of the Vulnerable Software and Affected Versions: OZW672 versions prior to V6.0; OZW772 versions prior to V6.0. Description: A vulnerability has been identified in the web service of affected devices, making it vulnerable to SQL injection when checking authentication data. This could allow an...

CVSS 10 · AI score 7.6 · EPSS 0.00553
Exploits: 0 · References: 5
NVD
added 2025/04/07 8:15 p.m. · 7 views

CVE-2025-3382

A vulnerability has been found in joey-zhou xiaozhi-esp32-server-java up to a14fe8115842ee42ab5c7a51706b8a85db5200b7 and classified as critical. This vulnerability affects the function update of the file /api/user/update. The manipulation of the argument state leads to sql injection. The attack c...

CVSS 6.5 · EPSS 0.0028
Exploits: 0 · References: 4
OSV
added 2025/04/07 6:15 a.m. · 5 views

CVE-2025-3339

A vulnerability classified as critical was found in codeprojects Online Restaurant Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/userupdate.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely...

CVSS 9.8 · AI score 5.8 · EPSS 0.00472
Exploits: 1 · References: 4
CNNVD
added 2025/04/07 12:00 a.m. · 4 views

Online Restaurant Management System Injection Vulnerability

Online Restaurant Management System is a Code-projects open source online restaurant management system. An injection vulnerability exists in Online Restaurant Management System version 1.0, which originates from improper handling of the ID parameter in the /admin/userupdate.php file, which can lead ...

CVSS 9.8 · AI score 7.8 · EPSS 0.00472
Exploits: 1 · References: 5
OSV
added 2025/04/04 5:15 p.m. · 5 views

CVE-2025-3256

A vulnerability was found in xujiangfei admintwo 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /user/updateSet. The manipulation of the argument email leads to improper access controls. The attack may be launched remotely. The exploit has bee...

CVSS 7.5 · AI score 5.5
Exploits: 0 · References: 4
CVE
added 2025/02/27 11:22 p.m. · 59 views

CVE-2025-1687

CVE-2025-1687 affects the Cardealer WordPress theme (

CVSS 8.8 · AI score 8.4 · EPSS 0.00262
Exploits: 0 · References: 3
Positive Technologies
added 2025/02/26 12:00 a.m. · 3 views

PT-2025-9085 · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab-EE versions 16.2 through 17.7.5; GitLab-EE versions 17.8 through 17.8.3; GitLab-EE versions 17.9 through 17.9.0. Description: A vulnerability in GitLab-EE allows a Guest user to read Security policy YAML. Recommendations: For GitLab-EE...

CVSS 5.5 · AI score 6.2 · EPSS 0.00316
Exploits: 1 · References: 13
AstraLinux
added 2025/02/11 7:35 a.m. · 4 views

Astra Linux – Vulnerability in Zabbix

An authenticated user with API access (e.g., a user with the default User role) can be added to any group (e.g., Zabbix Administrators). Specifically, a user with access to the user.update API endpoint can be added to any group, except for groups that are disabled or have restricted GUI access...

CVSS 8.8 · AI score 7.2 · EPSS 0.0073
Exploits: 1 · References: 3
CVE
added 2025/01/29 11:14 a.m. · 64 views

CVE-2024-41140

CVE-2024-41140 affects Zohocorp ManageEngine Applications Manager versions 174000 and prior, with an incorrect authorization in the update user function. Public documentation from NVD and Red Hat confirms high impact to confidentiality and integrity, with a network attack vector and low attack compl...

CVSS 8.1 · AI score 6.9 · EPSS 0.00896
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2025/01/15 5:35 p.m. · 11 views

CVE-2024-52005 · The sideband payload is passed unfiltered to the terminal in git

Git is a source code management tool. When cloning from a server, fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages are prefixed with "remote:" and printed directly to the...

CVSS 7.5 · AI score 7.4 · EPSS 0.00494
Exploits: 1 · References: 2
OSV
added 2024/12/31 3:15 p.m. · 10 views

CVE-2024-13070

A vulnerability was found in CodeAstro Online Food Ordering System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/updateusers.php of the component Update User Page. The manipulation of the argument userupd leads to sql injectio...

CVSS 8.8 · AI score 5.7 · EPSS 0.00508
Exploits: 1 · References: 5
CNNVD
added 2024/12/31 12:00 a.m. · 4 views

CodeAstro Online Food Ordering System Injection Vulnerability

CodeAstro Online Food Ordering System is an online food ordering system from CodeAstro, Inc. An injection vulnerability exists in CodeAstro Online Food Ordering System version 1.0, which stems from improper handling of the userupd parameter and can result in SQL injection...

CVSS 8.8 · AI score 7.1 · EPSS 0.00508
Exploits: 1 · References: 5
SUSE CVE
added 2024/11/28 4:00 a.m. · 5 views

SUSE CVE-2024-36467

An authenticated user with API access (e.g., a user with the default User role), more specifically a user with access to the user.update API endpoint, is able to add themselves to any group (e.g., Zabbix Administrators), except groups that are disabled or have restricted GUI access...

CVSS 8.8 · AI score 7.2 · EPSS 0.0073
Exploits: 1 · References: 3