Lucene search
K

15 matches found

EUVD
EUVD
added 2025/10/30 6:31 p.m.4 views

EUVD-2025-37028

Kanova Android App version 1.0.27 package name com.karelane, developed by Karely L.L.C., contains improper access control vulnerabilities. Attackers may gain unauthorized access to user details and obtain group information, including entry codes, by manipulating API request parameters. Successful...

7.5CVSS6.5AI score0.0027EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-0425

Malware in sbrugna...

7.8CVSS6.7AI score0.10263EPSS
Exploits0References16
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-21385

Malicious code in bioql PyPI...

6.5CVSS6.3AI score0.00565EPSS
Exploits2References8
Veracode
Veracode
added 2025/07/16 9:49 a.m.7 views

Information Disclosure

Indico is vulnerable to information disclosure. The vulnerability is due to an endpoint exposing user details such as name, affiliation, and email in bulk when listed in certain fields like ACLs, which allows an attacker to retrieve basic user information without proper authorization...

6.5CVSS5.8AI score0.00565EPSS
Exploits2References9Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/16 12:9 p.m.6 views

CVE-2025-3769

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.92 via the 'viewbookingsummaryinlightbox' due to missing validation on a user controlled key. This makes it possible...

5.3CVSS6.7AI score0.00297EPSS
Exploits0References1
Snyk
Snyk
added 2025/04/25 3:31 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to insufficient capability checks in the web service. An attacker can access sensitive user details such as full names and profile images by...

5.3CVSS6.7AI score0.00316EPSS
Exploits0References2
NVD
NVD
added 2025/04/25 3:15 p.m.13 views

CVE-2025-3640

A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access...

4.3CVSS0.00316EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/10/25 12:0 a.m.9 views

PT-2024-11559 · Ovaledge · Ovaledge

Name of the Vulnerable Software and Affected Versions: OvalEdge versions 5.2.8.0 and earlier Description: The issue allows for Sensitive Data Exposure through a GET request to the "/user/getUserType" API endpoint, which does not require authentication. This exposes information related to the...

5.3CVSS6.5AI score0.00366EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/09/16 12:0 a.m.16 views

PT-2024-30168 · Unknown · Kashipara Music Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0 Description: The issue is related to an Incorrect Access Control vulnerability. This vulnerability affects the /music/view user.php and /music/controller.php API endpoints, specifically when the i...

4.2CVSS6.6AI score0.00223EPSS
Exploits1References6
Prion
Prion
added 2024/02/19 8:15 p.m.24 views

Design/Logic Flaw

alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the http://192.168.26.128:8080/admin/api/users/ endpoint, which exposes the details of the provided user ID. This may...

6.5CVSS7.2AI score0.00716EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/01/03 12:0 a.m.5 views

HCL Technologies DRYiCE MyXalytics Security Breach

HCL Technologies DRYiCE MyXalytics is a unified reporting and dashboard product from HCL Technologies, USA. A security vulnerability exists in HCL Technologies DRYiCE MyXalytics that stems from improper access control and allows users to obtain certain details about other users...

7.1CVSS6.7AI score0.00291EPSS
Exploits0References2
Schneier on Security
Schneier on Security
added 2022/10/28 1:12 p.m.16 views

Critical Vulnerability in Open SSL

There are no details yet, but its really important that you patch Open SSL 3.x when the new version comes out on Tuesday. How bad is "Critical"? According to OpenSSL, an issue of critical severity affects common configurations and is also likely exploitable. Its likely to be abused to disclose...

1.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2021/01/15 12:0 a.m.6 views

PT-2021-14356

Name of the Vulnerable Software and Affected Versions: OneDev versions prior to 4.0.3 Description: OneDev is an all-in-one devops platform. The REST UserResource endpoint performs a security check to ensure only administrators can list user details. However, the /users/id endpoint lacks security...

8.6CVSS5.7AI score0.49051EPSS
Exploits0References7
NVD
NVD
added 2020/06/17 5:15 p.m.11 views

CVE-2019-16245

OMERO before 5.6.1 makes the details of each user available to all users...

5.3CVSS0.00862EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/03/10 10:10 p.m.4 views

jenkins: Exposed session identifiers on user detail object in the whoAmI diagnostic page

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page...

5.4CVSS6.1AI score0.07044EPSS
Exploits0References4
Rows per page
Query Builder