Lucene search
K

180 matches found

CVE
CVE
added 2025/11/13 7:27 a.m.20 views

CVE-2025-12681

CVE-2025-12681 affects the WordPress plugin Comment Edit Core – Simple Comment Editing, up to version 3.1.0. The root cause is an unauthenticated exposure via the ajax_get_comment function, allowing any visitor to access sensitive data such as user IDs, IP addresses, and email addresses. Wordfenc...

5.3CVSS5.5AI score0.00287EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/13 7:27 a.m.8 views

CVE-2025-12681 Comment Edit Core – Simple Comment Editing <= 3.1.0 - Unauthenticated Sensitive Information Exposure

The Comment Edit Core – Simple Comment Editing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.0 via the 'ajaxgetcomment' function. This makes it possible for unauthenticated attackers to extract sensitive data including user IDs, IP...

5.3CVSS0.00287EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/13 12:0 a.m.6 views

PT-2025-46785

The Comment Edit Core – Simple Comment Editing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.0 via the 'ajax get comment' function. This makes it possible for unauthenticated attackers to extract sensitive data including user IDs, I...

5.3CVSS5.9AI score0.00287EPSS
Exploits0References4
NVD
NVD
added 2025/11/05 3:15 p.m.12 views

CVE-2025-52602

HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names or IDs. An attacker can use that information to target individuals with phishing or...

4.2CVSS0.00151EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/05 2:46 p.m.13 views

CVE-2025-52602 HCL BigFix Query is affected by a sensitive information disclosure vulnerability in the WebUI Query application

HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names or IDs. An attacker can use that information to target individuals with phishing or...

4.2CVSS0.00151EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/05 12:0 a.m.3 views

Ecuador Quipux 安全漏洞

Ecuador Quipux is an electronic document management and process system from Ecuador Ecuador. A security vulnerability exists in Ecuador Quipux versions 4.0.1 through e1774ac, which stems from improper handling of the txtlogin parameter and could lead to username enumeration and access to the...

5.3CVSS6.6AI score0.00238EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/05 12:0 a.m.2 views

CVE-2025-55342

Quipux 4.0.1 through e1774ac allows enumeration of usernames, and accessing the Ecuadorean identification number for all registered users via the Administracion/usuarios/cambiarpasswordolvidovalidar.php txtlogin parameter...

6.5AI score0.00238EPSS
Exploits0References2
NVD
NVD
added 2025/10/30 10:15 p.m.8 views

CVE-2021-4461

Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the enc parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a...

9.3CVSS0.00602EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-53142

Malicious code in bioql PyPI...

3.6CVSS7AI score0.004EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-32520

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.00377EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/19 4:27 a.m.12 views

CVE-2025-10146 Download Manager <= 3.3.23 - Reflected Cross-Site Scripting via `user_ids` Parameter

The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘userids’ parameter in all versions up to, and including, 3.3.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1CVSS0.00205EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/13 7:41 p.m.7 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization via the cancelAll process in the Role Handler component when manipulating the roleId or userIds arguments in /system/role/authUser/cancelAll. An attacker can gain unauthorized access or perform unauthorized action...

5.5CVSS7AI score0.00338EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/13 12:0 a.m.4 views

PT-2025-37394

Name of the Vulnerable Software and Affected Versions: yangzongzhuan RuoYi versions up to 4.8.1 Description: A flaw exists in yangzongzhuan RuoYi up to version 4.8.1 related to improper authorization within the Role Handler component. The issue is associated with the /system/role/authUser/cancelA...

5.5CVSS5AI score0.00338EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/09/12 12:0 a.m.12 views

JeecgBoot 授权问题漏洞

JeecgBoot is a Java low-code platform for enterprise web applications from China National Torch Jeecg. An authorization issue vulnerability exists in JeecgBoot 3.8.2 and earlier versions, which stems from improper authorization of the parameter userIds in the file /api/system/sendWebSocketMsg in...

8.8CVSS6.4AI score0.00397EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/08/30 6:18 p.m.8 views

CVE-2023-7308

SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fails to enforce authentication checks on POST requests to retrieve user data. An unauthenticated...

8.7CVSS6.5AI score0.06711EPSS
Exploits1References1
Snyk
Snyk
added 2025/08/22 5:43 p.m.3 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to a missing check in the AuthRequestRepository, which is exploitable via the "select account" page. An attacker can determine whether specific userIDs exist by observing responses to...

6.9CVSS6.9AI score0.0035EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/16 12:0 a.m.3 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a receive contention on a completed call by rxrpc, which could lead to the leakage of user call IDs...

4.7CVSS6.2AI score0.00104EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/05/30 12:0 a.m.14 views

PT-2025-26431 · Ооо 'Оск' · Edna Chat Center

Уязвимость системы обработки обращений клиентов edna Chat Center связана с некорректной обработкой исключительных состояний. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, определить подлинные идентификаторы пользователей...

4CVSS7.2AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:50 a.m.8 views

CVE-2023-28900

The Skoda Automotive cloud contains a Broken Access Control vulnerability, allowing to obtain nicknames and other user identifiers of Skoda Connect service users by specifying an arbitrary vehicle VIN number...

5.3CVSS7AI score0.00377EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 6:6 p.m.9 views

CVE-1999-0138

The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access...

7.2CVSS7AI score0.00703EPSS
Exploits0References1
Rows per page
Query Builder