292 matches found
EUVD-2021-29063
Malicious code in bioql PyPI...
EUVD-2023-2588
Malicious code in bioql PyPI...
EUVD-2021-29898
Malicious code in bioql PyPI...
CVE-2024-10216
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'addsidebar' and 'removesidebar' functions in all versions up to, and including, 2.9.11. This makes it possible for authenticate...
CVE-2024-10537
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validateusermetakey function in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with...
CVE-2024-43336
Cross-Site Request Forgery CSRF vulnerability in WP User Manager WP User Manager wp-user-manager.This issue affects WP User Manager: from n/a through = 2.9.10...
CVE-2023-5159
Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots...
CVE-2022-20449
In writeApplicationRestrictionsLAr of UserManagerService.java, there is a possible overwrite of system files due to a path traversal error. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2019-7544
An issue was discovered in MyWebSQL 3.7. The Add User function of the User Manager pages has a Stored Cross-site Scripting XSS vulnerability in the User Name Field...
CVE-2012-5931
Directory traversal vulnerability in the setlogconfig function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or overwrite arbitrary files via directory traversal sequences in a log pathname...
CVE-2012-5930
The pamodifyaccounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted application/x-amf request...
CVE-2012-5932
Eval injection vulnerability in the ldapagnteval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request...
CVE-2006-6583
ScriptMate User Manager 2.1 and earlier allow remote attackers to obtain sensitive information via unspecified vectors related to 1 the Logins box and 2 the Search box...
WordPress WP User Manager plugin <= 2.9.12 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin WP User Manager versions = 2.9.12...
One 安全漏洞
One is a front-end and back-end separated backend management system based on Spring Boot and Vue2 developed by lcw2004 individual developer. A security vulnerability exists in One v1.0, which stems from improper access control of component/api/user/manager, which may result in accessing sensitive...
CVE-2025-45614
Incorrect access control in the component /api/user/manager of One v1.0 allows attackers to access sensitive information via a crafted payload...
CVE-2024-57279
A reflected Cross-Site Scripting XSS vulnerability has been identified in the LDAP User Manager = ce92321, specifically in the /setup/index.php endpoint via the returnto parameter. This vulnerability arises due to improper sanitization of user-supplied input, allowing an attacker to inject...
CVE-2024-57279
A reflected Cross-Site Scripting XSS vulnerability has been identified in the LDAP User Manager = ce92321, specifically in the /setup/index.php endpoint via the returnto parameter. This vulnerability arises due to improper sanitization of user-supplied input, allowing an attacker to inject...
CVE-2024-57279
A reflected Cross-Site Scripting XSS vulnerability has been identified in the LDAP User Manager = ce92321, specifically in the /setup/index.php endpoint via the returnto parameter. This vulnerability arises due to improper sanitization of user-supplied input, allowing an attacker to inject...
CVE-2024-57279
A reflected Cross-Site Scripting XSS vulnerability has been identified in the LDAP User Manager = ce92321, specifically in the /setup/index.php endpoint via the returnto parameter. This vulnerability arises due to improper sanitization of user-supplied input, allowing an attacker to inject...