17 matches found
PT-2026-38643
Name of the Vulnerable Software and Affected Versions: eladmin versions prior to 2.8 Description: Improper access controls in the Users API Endpoint allow for remote attacks. The issue exists within the checkLevel function located in the /rest/UserController.java file. Recommendations: As a temporar...
CVE-2026-5652
An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation...
CVE-2026-5652
An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation...
Crafty Controller Security Vulnerability
Crafty Controller is a Minecraft server control panel/launcher for Arcadia. There is a security vulnerability in Crafty Controller, which stems from improper permission verification in the Users API component. This vulnerability could allow remotely authenticated attackers to execute user-modifi...
EUVD-2023-60214
Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser...
CVE-2023-53916
Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser...
CVE-2023-53916
Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser...
CVE-2023-53916 Zenphoto 1.6 Stored Cross-Site Scripting via User Postal Code Field
Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser...
CVE-2023-53916
CVE-2023-53916 affects Zenphoto 1.6 with a stored cross‑site scripting vulnerability in the user postal code field exposed via the admin-users.php interface. When admin user data imported as HTML is viewed, malicious JavaScript injected into the postal code field can execute in the administrator’...
PT-2025-51954
Name of the Vulnerable Software and Affected Versions: Zenphoto version 1.6 Description: The software contains a stored cross-site scripting issue in the user postal code field. This field is accessible through the 'admin-users.php' interface. When administrators view user information that includes...
CVE-2025-64683
In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API...
EUVD-2025-44054
In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API...
CVE-2025-64683
In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API...
CVE-2025-64683
CVE-2025-64683 affects JetBrains Hub, specifically versions prior to 2025.3.104432. The issue is an information disclosure via the Users API, as described in multiple connected sources (JetBrains Hub descriptions and Red Hat/EUVD entries). The disclosed information and exact impact details are fo...
JetBrains Hub Race Condition Vulnerability
JetBrains Hub is a web-based application from the Czech company JetBrains. The program is capable of integrating multiple JetBrains team tools together. A race condition vulnerability exists in JetBrains Hub versions prior to 2025.3.104432, which stems from an information disclosure...
PT-2025-32359 · Unknown · Statamic Core
Name of the Vulnerable Software and Affected Versions: Statamic Core versions prior to 2.11.8 Description: The /users endpoint is susceptible to cross-site scripting (XSS), potentially allowing an attacker to add an administrator user. Exploitation can occur through Cross-Site Request Forgery (CSRF)...
CVE-2018-5751
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the "groups" and "users" APIs...