180 matches found
CVE-2025-12681
CVE-2025-12681 affects the WordPress plugin Comment Edit Core – Simple Comment Editing, up to version 3.1.0. The root cause is an unauthenticated exposure via the ajax_get_comment function, allowing any visitor to access sensitive data such as user IDs, IP addresses, and email addresses. Wordfenc...
CVE-2025-12681 Comment Edit Core – Simple Comment Editing <= 3.1.0 - Unauthenticated Sensitive Information Exposure
The Comment Edit Core – Simple Comment Editing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.0 via the 'ajaxgetcomment' function. This makes it possible for unauthenticated attackers to extract sensitive data including user IDs, IP...
PT-2025-46785
The Comment Edit Core – Simple Comment Editing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.0 via the 'ajax get comment' function. This makes it possible for unauthenticated attackers to extract sensitive data including user IDs, I...
CVE-2025-52602
HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names or IDs. An attacker can use that information to target individuals with phishing or...
CVE-2025-52602 HCL BigFix Query is affected by a sensitive information disclosure vulnerability in the WebUI Query application
HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names or IDs. An attacker can use that information to target individuals with phishing or...
Ecuador Quipux 安全漏洞
Ecuador Quipux is an electronic document management and process system from Ecuador Ecuador. A security vulnerability exists in Ecuador Quipux versions 4.0.1 through e1774ac, which stems from improper handling of the txtlogin parameter and could lead to username enumeration and access to the...
CVE-2025-55342
Quipux 4.0.1 through e1774ac allows enumeration of usernames, and accessing the Ecuadorean identification number for all registered users via the Administracion/usuarios/cambiarpasswordolvidovalidar.php txtlogin parameter...
CVE-2021-4461
Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the enc parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a...
EUVD-2024-53142
Malicious code in bioql PyPI...
EUVD-2023-32520
Malicious code in bioql PyPI...
CVE-2025-10146 Download Manager <= 3.3.23 - Reflected Cross-Site Scripting via `user_ids` Parameter
The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘userids’ parameter in all versions up to, and including, 3.3.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization via the cancelAll process in the Role Handler component when manipulating the roleId or userIds arguments in /system/role/authUser/cancelAll. An attacker can gain unauthorized access or perform unauthorized action...
PT-2025-37394
Name of the Vulnerable Software and Affected Versions: yangzongzhuan RuoYi versions up to 4.8.1 Description: A flaw exists in yangzongzhuan RuoYi up to version 4.8.1 related to improper authorization within the Role Handler component. The issue is associated with the /system/role/authUser/cancelA...
JeecgBoot 授权问题漏洞
JeecgBoot is a Java low-code platform for enterprise web applications from China National Torch Jeecg. An authorization issue vulnerability exists in JeecgBoot 3.8.2 and earlier versions, which stems from improper authorization of the parameter userIds in the file /api/system/sendWebSocketMsg in...
CVE-2023-7308
SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fails to enforce authentication checks on POST requests to retrieve user data. An unauthenticated...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to a missing check in the AuthRequestRepository, which is exploitable via the "select account" page. An attacker can determine whether specific userIDs exist by observing responses to...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a receive contention on a completed call by rxrpc, which could lead to the leakage of user call IDs...
PT-2025-26431 · Ооо 'Оск' · Edna Chat Center
Уязвимость системы обработки обращений клиентов edna Chat Center связана с некорректной обработкой исключительных состояний. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, определить подлинные идентификаторы пользователей...
CVE-2023-28900
The Skoda Automotive cloud contains a Broken Access Control vulnerability, allowing to obtain nicknames and other user identifiers of Skoda Connect service users by specifying an arbitrary vehicle VIN number...
CVE-1999-0138
The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access...