108 matches found
EUVD-2025-8623
Malicious code in bioql PyPI...
EUVD-2024-49461
Malicious code in bioql PyPI...
Palo Alto Networks User-ID Credential Agent 安全漏洞
Palo Alto Networks User-ID Credential Agent is a component of Palo Alto Networks, Inc. that has the capability to collect the correspondence between a user's identity and IP address. A security vulnerability exists in the Palo Alto Networks User-ID Credential Agent that originates from a specific...
FacialMotionID: Identifying Users of Mixed Reality Headsets Using Abstract Facial Motion Representations
Facial motion capture in mixed reality headsets enables real-time avatar animation, allowing users to convey non-verbal cues during virtual interactions. However, as facial motion data constitutes a behavioral biometric, its use raises novel privacy concerns. With mixed reality systems becoming...
Haptic-Based User Authentication for Tele-robotic System
Tele-operated robots rely on real-time user behavior mapping for remote tasks, but ensuring secure authentication remains a challenge. Traditional methods, such as passwords and static biometrics, are vulnerable to spoofing and replay attacks, particularly in high-stakes, continuous interactions...
CVE-2023-42480
The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. This will have an impact on confidentiality but there is no other impact on integrity or availability...
CVE-2019-6120
An issue was discovered in NiceHash Miner before 2.0.3.0. A missing rate limit while adding a wallet via Email address allows remote attackers to submit a large number of email addresses to identify valid ones. By exploiting this vulnerability with CVE-2019-6122 Username Enumeration an adversary...
CVE-1999-0407
By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system...
CVE-1999-0084
Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0...
CVE-2025-2911
Unauthorised access to the call forwarding service system in MeetMe products in versions prior to 2024-09 allows an attacker to identify multiple users and perform brute force attacks via extensions...
CVE-2025-2911
Unauthorised access to the call forwarding service system in MeetMe products in versions prior to 2024-09 allows an attacker to identify multiple users and perform brute force attacks via extensions...
CVE-2025-1821 zj1983 zz ZorgAction.java getUserOrgForUserId sql injection
A vulnerability was found in zj1983 zz up to 2024-8 and classified as critical. Affected by this issue is the function getUserOrgForUserId of the file src/main/java/com/futvan/z/system/zorg/ZorgAction.java. The manipulation of the argument userID leads to sql injection. The attack may be launched...
The vulnerability of the One Identity Manager’s control mechanism for user identification, access rights, and security policies, related to the insecure direct object reference (IDOR), allows attackers to escalate their privileges.
The vulnerability of the User Identification, Access Rights, and Security Policies management tool, One Identity Manager, is related to an insecure direct reference to an object IDOR due to a bypass of authentication using data that are assumed to be immutable. Exploiting this vulnerability can...
CVE-2020-26230
Radar COVID is the official COVID-19 exposure notification app for Spain. In affected versions of Radar COVID, identification and de-anonymization of COVID-19 positive users that upload Radar COVID TEKs to the Radar COVID server is possible. This vulnerability enables the identification and...
CVE-2025-23214
Summary: Cosmos-Server before version 0.17.7 exposes a user-enumeration vulnerability during login, allowing an attacker to determine if a username exists in the database due to error code behavior. This has been addressed in version 0.17.7. Affected software: Cosmos-Server (pre-0.17.7). Root cau...
PT-2024-17616 · Dromara · Dromara Ujcms
Name of the Vulnerable Software and Affected Versions: Dromara UJCMS versions up to 9.6.3 Description: A problematic vulnerability has been found in Dromara UJCMS, affecting an unknown part of the file /users/id of the component User ID Handler. The manipulation leads to authorization bypass. It ...
Important: postgresql:12 security update
PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code CVE-2024-10979 postgresq...
Brokerage Wave 加密问题漏洞
Brokerage Wave is a frontend product from Brokerage, Inc. An encryption issue vulnerability exists in Brokerage Wave version 2.0, which stems from weak encryption of sensitive data received at the API response, which could allow an attacker to manipulate the parameter userid via the API request U...
The vulnerability of the QNAP TS-X41 network storage device lies in the lack of protection for operational data, which allows a hacker to identify existing users within the system.
The vulnerability of the QNAP TS-X41 network storage device is related to the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor to identify existing users within the system...
Some-Tweak-To-Hide-Jwt-Payload-Values - A Handful Of Tweaks And Ideas To Safeguard The JWT Payload
some-tweak-to-hide-jwt-payload-values a handful of tweaks and ideas to safeguard the JWT payload, making it futile to attempt decoding by constantly altering its value, ensuring the decoded output remains unintelligible while imposing minimal performance overhead. What is a JWT Token? A JSON Web...