236 matches found
CVE-2019-25430
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. Attackers can send POST requests to the vpnusers endpoint with script payloads in the usernam...
CVE-2019-25430
Comodo Dome Firewall 2.7.0 is affected by a reflected XSS in the vpn_users endpoint. An unauthenticated attacker can submit crafted input in the username parameter via a POST request to trigger arbitrary JavaScript in a victim’s browser. CVSS v4.0 and v3.1 vectors are provided, with base scores o...
CVE-2019-25428
CVE-2019-25428 affects Comodo Dome Firewall 2.7.0. Affected component: openvpn_users endpoint. Root cause: reflected cross-site scripting via crafted POST parameters (username, remotenets, explicitroutes, static_ip, custom_dns, custom_domain) enabling arbitrary JavaScript in users’ browsers. Impa...
Comodo Dome Firewall 跨站脚本漏洞
Comodo Dome Firewall is a unified threat management and next-generation firewall provided by the Chinese company Comodo. Version 2.7.0 of Comodo Dome Firewall contains a cross-site scripting vulnerability. This vulnerability stems from reflective cross-site scripts present on the vpnusers...
PT-2026-20831
Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the openvpn users endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with script payloads in the username, remotenets,...
PT-2026-20833
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. Attackers can send POST requests to the vpn users endpoint with script payloads in the userna...
PT-2026-20470
Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.0 Splunk Enterprise versions 10.0.2 through 10.0.2 Splunk Enterprise versions 9.2.12 through 9.4.8 Splunk Enterprise versions 9.3.9 Splunk Cloud Platform versions prior to 10.2.2510.3 Splunk Cloud...
CVE-2024-26478
An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the /api/users endpoint...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via sensitive API endpoints. Low-privileged users can bypass authorization checks to access /api/users, /api/oauth, /api/notifier/amazonsns, and /api/settings/export. Remediation There is no fixed version for...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the /api/users endpoint. A remote attacker with a low-privileged API token can create new administrative users by abusing the "admin" parameter in a POST...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the /api/users endpoint. An attacker can access sensitive information by sending a specially crafted request. Remediation There is no fixed version for...
PT-2026-7652
Name of the Vulnerable Software and Affected Versions Statping-ng version 0.91.0 Description An issue allows an attacker to obtain sensitive information via a crafted request to the /api/users endpoint. The vulnerable parameter is not specified. Recommendations Update to a newer version that...
CVE-2024-26478
An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the /api/users endpoint...
CVE-2024-26478
CVE-2024-26478 affects Statping-ng v0.91.0, where a flaw in the /api/users endpoint can lead to disclosure of sensitive information. Public sources consistently identify the issue as an authorization/privacy weakness tied to that endpoint; Red Hat, NVD, OSV, and third-party advisories reference t...
CVE-2024-26478
An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the /api/users endpoint...
CVE-2024-26478
An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the /api/users endpoint...
statping-ng 安全漏洞
Statping-ng is an open-source server monitoring software developed by Statping-ng. Version 0.91.0 of Statping-ng contains a security vulnerability. This vulnerability stems from improper handling of specially crafted requests for the /api/users endpoint, which could lead to the disclosure of...
CVE-2024-26478
An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the /api/users endpoint...
CVE-2026-25729 DeepAudit Affected by User Enumeration via Broken Access Control
DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sensitive information including email addresse...
CVE-2026-25729
DeepAudit is affected by an improper access control vulnerability in the /api/v1/users/ endpoint present in version 3.0.4 and earlier. An authenticated user can enumerate all users and retrieve sensitive fields (emails, phone numbers, full names, roles). The issue is documented across multiple so...