2547 matches found
MiracleLinux 8 : webkit2gtk3-2.38.5-1.el8.ML.1 (AXSA:2023-5964:10)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5964:10 advisory. webkitgtk: use-after-free issue leading to arbitrary code execution (CVE-2022-42826); webkitgtk: memory corruption issue leading to arbitrary code...
PT-2026-2486
Name of the Vulnerable Software and Affected Versions: Hubert Imoveis e Administracao Ltda Hub v2.0 version 1.27.3. Description: The software contains insecure permissions that allow authenticated attackers with low-level privileges to access other users' information through a specially crafted API...
CVE-2023-43503
A vulnerability has been identified in COMOS All versions V10.4.4. Caching system in the affected application leaks sensitive information such as user and project information in cleartext via UDP...
CVE-2023-50458
In Dradis before 4.11.0, the Output Console shows a job queue that may contain information about other users' jobs...
CVE-2023-49061
An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS 120...
CVE-2022-42851
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, tvOS 16.2. Parsing a maliciously crafted TIFF file may lead to disclosure of user information...
CVE-2019-11375
Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI...
CVE-2019-11174
Insufficient access control in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access...
CVE-2021-41130
Extensible Service Proxy, a.k.a. ESP is a proxy which enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT token. Its verified JWT claim is passed to the application by HTTP header "X-Endpoint-API-UserInfo", the application can use ...
CVE-2022-27960
Insecure permissions configured in the userid parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information...
CVE-1999-0612
A version of finger is running that exposes valid user information to any entity on the network...
CVE-1999-0626
A version of rusers is running that exposes valid user information to any entity on the network...
CVE-1999-0628
The rwho/rwhod service is running, which exposes machine status and user information...
CVE-2024-2035
An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the active status of user accounts to false,...
CVE-2023-53917
Affiliate Me version 5.0.1 contains a SQL injection vulnerability in the admin.php endpoint that allows authenticated administrators to manipulate database queries. Attackers can exploit the 'id' parameter with crafted union-based queries to extract sensitive user information including usernames...
CVE-2025-14159
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.2. This is due to missing nonce validation on the 'ayssccpresultsexportfile' AJAX action. This makes it possible for unauthenticated...
Improper Input Validation
org.openidentityplatform.openam, openam-oauth2 is vulnerable to improper input validation. The vulnerability is due to improper validation of the claims_parameter_supported feature in the oidc-claims-extension.groovy script, which allows an attacker to inject a crafted JSON claims parameter in the...
CVE-2021-47717
IntelliChoice eFORCE Software Suite 2.5.9 contains a username enumeration vulnerability that allows attackers to enumerate valid users by exploiting the 'ctl00$MainContent$UserName' POST parameter. Attackers can send requests with valid usernames to retrieve user information...
CVE-2021-47717
CVE-2021-47717 affects IntelliChoice eFORCE Software Suite 2.5.9. The vulnerability is a username enumeration flaw exploited via the POST parameter ctl00$MainContent$UserName, allowing an attacker to determine valid usernames and potentially retrieve user information. Root cause is improper handl...
PT-2025-50241
Name of the Vulnerable Software and Affected Versions: IntelliChoice eFORCE Software Suite version 2.5.9. Description: The software contains a flaw that allows attackers to identify valid usernames. This is achieved by exploiting the ctl00$MainContent$UserName POST parameter. By sending requests wit...