88 matches found
CVE-2026-8995
The affected product is the Poll Maker plugin for WordPress (by AYS), vulnerable in versions up to 6.3.7. The flaw resides in the AJAX action ays_poll_get_user_information, which lacks proper access controls and returns the full WP_User object (including password hash, email, login, registration ...
Malicious code in qr-code-styling-temp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 004a5cc51cc0e38448c56189fb4437ad113eec163f7ae1a7692b88d6aed71182 The package's install lifecycle script node index.js and its main entry both load lib/core.js, which reads os.userInfo.username, os.hostname, and the...
EUVD-2026-30494
Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1/demo/registered-users endpoint that allows unauthenticated attackers to retrieve sensitive user information. Attackers can access the endpoint without providing authentication credentials to obtain...
CVE-2026-29108
SuiteCRM vulnerable prior to 8.9.3 via an authenticated API endpoint that can reveal detailed user data including password hashes and MFA configuration for any user. Root cause: exposed information in the API when queried by an authenticated user. Impact: potential to crack stored password hashes...
PT-2026-2486
Name of the Vulnerable Software and Affected Versions Hubert Imoveis e Administracao Ltda Hub v2.0 version 1.27.3 Description The software contains insecure permissions that allow authenticated attackers with low-level privileges to access other users' information through a specially crafted API...
CVE-1999-0612
A version of finger is running that exposes valid user information to any entity on the network...
CVE-1999-0626
A version of rusers is running that exposes valid user information to any entity on the network...
CVE-2021-47717
IntelliChoice eFORCE Software Suite 2.5.9 contains a username enumeration vulnerability that allows attackers to enumerate valid users by exploiting the 'ctl00$MainContent$UserName' POST parameter. Attackers can send requests with valid usernames to retrieve user information...
CVE-2021-47717
CVE-2021-47717 affects IntelliChoice eFORCE Software Suite 2.5.9. The vulnerability is a username enumeration flaw exploited via the POST parameter ctl00$MainContent$UserName, allowing an attacker to determine valid usernames and potentially retrieve user information. Root cause is improper handl...
CVE-2025-41343
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'email' in '/backend/api/users/searchUserByEmail.php'...
CVE-2025-41337
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarSSOParametros.php'...
EUVD-2007-0820
Malware in sbrugna...
EUVD-1999-0609
Malware in sbrugna...
EUVD-2021-15057
Malware in sbrugna...
EUVD-2022-37611
Malicious code in bioql PyPI...
EUVD-2024-33496
Malicious code in bioql PyPI...
EUVD-2024-17050
Malicious code in bioql PyPI...
EUVD-2024-53461
Malicious code in bioql PyPI...
EUVD-2022-48075
Malicious code in bioql PyPI...
EUVD-2023-1957
Malicious code in bioql PyPI...