PT-2023-30441 · Mercedes · Mercedes Me Ios App

Name of the Vulnerable Software and Affected Versions: Mercedes me IOS APP versions 1.34.0 and below Description: The issue allows attackers to view the maintenance orders of other users and access sensitive user information. Recommendations: For Mercedes me IOS APP versions 1.34.0 and below,...

CVE-2023-46935

eyoucms v1.6.4 is vulnerable Cross Site Scripting XSS, which can lead to stealing sensitive information of logged-in users...

CVE-2023-5551 Moodle: forum summary report shows students from other groups when in separate groups mode

Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups...

CVE-2022-41616

Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV.This issue affects Export Users Data CSV: from n/a through 2.1...

CVE-2022-41616

Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV.This issue affects Export Users Data CSV: from n/a through 2.1...

CVE-2022-41616 WordPress Export Users Data CSV plugin <= 2.1 - Auth. CSV Injection vulnerability

A vulnerability in Kaushik Export Users Data CSV export-users-data-csv.This issue affects Export Users Data CSV: from n/a through = 2.1...

CVE-2022-41616

The CVE-2022-41616 entry corresponds to a CSV injection vulnerability in the WordPress plugin Export Users Data CSV, affecting versions through 2.1. The root cause is improper neutralization of formula elements in CSV files generated by the plugin. Impact details are limited in the provided docum...

CVE-2022-46804

Improper Neutralization of Formula Elements in a CSV File vulnerability in Narola Infotech Solutions LLP Export Users Data Distinct.This issue affects Export Users Data Distinct: from n/a through 1.3...

CVE-2022-46804

Improper Neutralization of Formula Elements in a CSV File vulnerability in Narola Infotech Solutions LLP Export Users Data Distinct.This issue affects Export Users Data Distinct: from n/a through 1.3...

Input validation

Improper Neutralization of Formula Elements in a CSV File vulnerability in Narola Infotech Solutions LLP Export Users Data Distinct.This issue affects Export Users Data Distinct: from n/a through 1.3...

CVE-2022-46804 WordPress Export Users Data Distinct plugin <= 1.3 - CSV Injection

A vulnerability in narolainfotech Export Users Data Distinct export-users-data-distinct.This issue affects Export Users Data Distinct: from n/a through = 1.3...

CVE-2022-46804

CVE-2022-46804 : WordPress plugin Export Users Data Distinct (

WordPress Plugin export-users-data-distinct Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress Plugin export-users-data-csv Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVE-2023-38965

Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI...

CVE-2022-47192

Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified "users.json" to the web server of the device, allowing him to replace the administrator password...

WordPress Export Users Data Distinct Plugin <= 1.3 is vulnerable to CSV Injection

Software Export Users Data Distinct Type Plugin Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A1: Injection Classification CSV Injection CVE CVE-2022-46804 Patch priority Low CVSS severity Low 5.8 Developer Claim ownership PSID b4f52c7c2803 Credits Mika Required privilege Subscriber Publish...

Crypto exchange Fiatusdt leaked trove of users KYC data

By Habiba Rashid The database was exposed due to a misconfigured AWS S3 bucket. This is a post from HackRead.com Read the original post: Crypto exchange Fiatusdt leaked trove of users KYC data...

SUSE CVE-2006-4019

Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users...

SUSE CVE-2015-5339

The coreenrolgetenrolledusers web service in enrol/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly implement group-based access restrictions, which allows remote authenticated users to obtain sensitive course-participant...