Lucene search
+L

108 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-8623

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.00298EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-49461

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.00312EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/12 12:0 a.m.7 views

Palo Alto Networks User-ID Credential Agent 安全漏洞

Palo Alto Networks User-ID Credential Agent is a component of Palo Alto Networks, Inc. that has the capability to collect the correspondence between a user's identity and IP address. A security vulnerability exists in the Palo Alto Networks User-ID Credential Agent that originates from a specific...

7.2CVSS6.8AI score0.00175EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/07/15 12:0 a.m.7 views

FacialMotionID: Identifying Users of Mixed Reality Headsets Using Abstract Facial Motion Representations

Facial motion capture in mixed reality headsets enables real-time avatar animation, allowing users to convey non-verbal cues during virtual interactions. However, as facial motion data constitutes a behavioral biometric, its use raises novel privacy concerns. With mixed reality systems becoming...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/21 12:0 a.m.9 views

Haptic-Based User Authentication for Tele-robotic System

Tele-operated robots rely on real-time user behavior mapping for remote tasks, but ensuring secure authentication remains a challenge. Traditional methods, such as passwords and static biometrics, are vulnerable to spoofing and replay attacks, particularly in high-stakes, continuous interactions...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 2:0 a.m.18 views

CVE-2023-42480

The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. This will have an impact on confidentiality but there is no other impact on integrity or availability...

5.3CVSS7AI score0.0055EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 5:21 a.m.12 views

CVE-2019-6120

An issue was discovered in NiceHash Miner before 2.0.3.0. A missing rate limit while adding a wallet via Email address allows remote attackers to submit a large number of email addresses to identify valid ones. By exploiting this vulnerability with CVE-2019-6122 Username Enumeration an adversary...

7.5CVSS6.8AI score0.01736EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/21 6:9 p.m.7 views

CVE-1999-0407

By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system...

10CVSS7.1AI score0.05126EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 6:6 p.m.10 views

CVE-1999-0084

Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0...

8.4CVSS7.2AI score0.00415EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/30 1:38 p.m.21 views

CVE-2025-2911

Unauthorised access to the call forwarding service system in MeetMe products in versions prior to 2024-09 allows an attacker to identify multiple users and perform brute force attacks via extensions...

5.3CVSS7.2AI score0.00298EPSS
Exploits0References3
NVD
NVD
added 2025/03/28 1:15 p.m.10 views

CVE-2025-2911

Unauthorised access to the call forwarding service system in MeetMe products in versions prior to 2024-09 allows an attacker to identify multiple users and perform brute force attacks via extensions...

5.3CVSS0.00298EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/02 6:31 p.m.21 views

CVE-2025-1821 zj1983 zz ZorgAction.java getUserOrgForUserId sql injection

A vulnerability was found in zj1983 zz up to 2024-8 and classified as critical. Affected by this issue is the function getUserOrgForUserId of the file src/main/java/com/futvan/z/system/zorg/ZorgAction.java. The manipulation of the argument userID leads to sql injection. The attack may be launched...

6.5CVSS0.00501EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2025/02/06 12:0 a.m.8 views

The vulnerability of the One Identity Manager’s control mechanism for user identification, access rights, and security policies, related to the insecure direct object reference (IDOR), allows attackers to escalate their privileges.

The vulnerability of the User Identification, Access Rights, and Security Policies management tool, One Identity Manager, is related to an insecure direct reference to an object IDOR due to a bypass of authentication using data that are assumed to be immutable. Exploiting this vulnerability can...

9.9CVSS8AI score0.00647EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 1:35 p.m.13 views

CVE-2020-26230

Radar COVID is the official COVID-19 exposure notification app for Spain. In affected versions of Radar COVID, identification and de-anonymization of COVID-19 positive users that upload Radar COVID TEKs to the Radar COVID server is possible. This vulnerability enables the identification and...

7.4CVSS6.3AI score0.01645EPSS
Exploits1References14
CVE
CVE
added 2025/01/20 6:9 p.m.60 views

CVE-2025-23214

Summary: Cosmos-Server before version 0.17.7 exposes a user-enumeration vulnerability during login, allowing an attacker to determine if a username exists in the database due to error code behavior. This has been addressed in version 0.17.7. Affected software: Cosmos-Server (pre-0.17.7). Root cau...

6.9CVSS7AI score0.00608EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/11 12:0 a.m.7 views

PT-2024-17616 · Dromara · Dromara Ujcms

Name of the Vulnerable Software and Affected Versions: Dromara UJCMS versions up to 9.6.3 Description: A problematic vulnerability has been found in Dromara UJCMS, affecting an unknown part of the file /users/id of the component User ID Handler. The manipulation leads to authorization bypass. It ...

6.3CVSS4.6AI score0.03507EPSS
Exploits3References9
AlmaLinux
AlmaLinux
added 2024/12/04 12:0 a.m.22 views

Important: postgresql:12 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code CVE-2024-10979 postgresq...

8.8CVSS8AI score0.04422EPSS
Exploits1References8
CNNVD
CNNVD
added 2024/11/04 12:0 a.m.5 views

Brokerage Wave 加密问题漏洞

Brokerage Wave is a frontend product from Brokerage, Inc. An encryption issue vulnerability exists in Brokerage Wave version 2.0, which stems from weak encryption of sensitive data received at the API response, which could allow an attacker to manipulate the parameter userid via the API request U...

7.1CVSS6.6AI score0.00211EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/06/18 12:0 a.m.13 views

The vulnerability of the QNAP TS-X41 network storage device lies in the lack of protection for operational data, which allows a hacker to identify existing users within the system.

The vulnerability of the QNAP TS-X41 network storage device is related to the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor to identify existing users within the system...

7.8CVSS5.5AI score
Exploits0
Kitploit
Kitploit
added 2024/03/10 11:30 a.m.25 views

Some-Tweak-To-Hide-Jwt-Payload-Values - A Handful Of Tweaks And Ideas To Safeguard The JWT Payload

some-tweak-to-hide-jwt-payload-values a handful of tweaks and ideas to safeguard the JWT payload, making it futile to attempt decoding by constantly altering its value, ensuring the decoded output remains unintelligible while imposing minimal performance overhead. What is a JWT Token? A JSON Web...

7.7AI score
Exploits0References1
Rows per page
Query Builder