105 matches found
EUVD-2025-26865
Malicious code in bioql PyPI...
EUVD-2023-42747
Malicious code in bioql PyPI...
CVE-2025-55366
CVE-2025-55366 affects jshERP v3.5; improper access control in the UserController.java component (controller\UserController.java) allows attackers to arbitrarily reset user passwords and perform horizontal privilege escalation. Affected software/version is jshERP 3.5; underlying cause is access c...
CVE-2025-55366
Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account passwords and execute a horizontal privilege escalation attack...
CVE-2024-46607
Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file...
CVE-2023-38989
An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information...
CVE-2022-46999
Tuzicms v2.0.6 was discovered to contain a SQL injection vulnerability via the component \App\Manage\Controller\UserController.class.php...
CVE-2020-25915
Cross-Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5 allows attackers to execute arbitrary code via crafted userlogin...
CVE-2018-20508
CrashFix 1.0.4 has SQL Injection via the Userstatus parameter. This is related to actionIndex in UserController.php, and the protected\models\User.php search function...
CVE-2025-25769
Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /controller/UserController.java...
CVE-2025-25772
A Cross-Site Request Forgery (CSRF) in the component /back/UserController.java of Jspxcms v9.0 to v9.5 allows attackers to arbitrarily add Administrator accounts via a crafted request...
CVE-2024-25625
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. A potential security vulnerability has been discovered in pimcore/admin-ui-classic-bundle prior to version 1.3.4. The vulnerability involves a Host Header Injection in the invitationLinkAction function of the UserController,...
CVE-2024-46610
An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java...
CVE-2024-46607
IceCMS up to v3.4.7 is affected by an authentication bypass in the loginAdmin path of UserController.java, allowing login with arbitrary username and password and resulting in unauthorized access. The CVSS v3.1 base score is 7.6 (High): Network attack, low complexity, low privileges required, use...
CVE-2024-46609
An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access all user information, including passwords...
CVE-2024-41601
Insecure Permissions vulnerability in lin-CMS v.0.2.0 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component...