PT-2025-41531

Name of the Vulnerable Software and Affected Versions SonarQube versions prior to 25.6 SonarQube 2025.3 Commercial versions prior to 2025.3 SonarQube 2025.1.3 LTA versions prior to 2025.1.3 Description Authenticated users with low privileges can access the /api/v2/users-management/users endpoint ...

CVE-2025-62292

In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authenticated low-privileged users can query the /api/v2/users-management/users endpoint and obtain user fields intended for administrators only, including the email addresses of other accounts...

CVE-2025-62292

In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authenticated low-privileged users can query the /api/v2/users-management/users endpoint and obtain user fields intended for administrators only, including the email addresses of other accounts...

EUVD-2025-33688

In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authenticated low-privileged users can query the /api/v2/users-management/users endpoint and obtain user fields intended for administrators only, including the email addresses of other accounts...

CVE-2025-62292

In SonarQube, versions before 25.6 (including 2025.3 Commercial and 2025.1.3 LTA) allow authenticated low-privilege users to query /api/v2/users-management/users and obtain administrator-only fields, notably email addresses of other accounts. This is the underlying vulnerability described across ...

EUVD-2018-2438

Malware in sbrugna...

EUVD-2022-32922

Malicious code in bioql PyPI...

PT-2024-40027 · Silverstripe · Silverstripe Cms

Name of the Vulnerable Software and Affected Versions: Silverstripe CMS affected versions not specified Description: The issue concerns insufficient CSRF protection in GridField, which can be exploited to trick users with CMS access into posting unspecified data from external websites. This affec...

IDOR Vulnerability Allow the owner of one Organization can edit, delete and resetpassword users that belong to other organization

1 first, we create two organizations: org1 and org2. The owner of them is user1 and user2 corresponding. 2 we login as user1 and reset itsself password. 3 using the burpsuit to hack hijack the post. 4 The post and can be like: PUT...

SeedDMS Cross-Site Scripting Vulnerability (CNVD-2022-66668)

SeedDMS formerly known as LetoDMS and MyDMS is a PHP and MySql based document management system. A cross-site scripting vulnerability exists in SEEDMS versions 6.0.18 and 5.1.25, which are primarily used to store and share documents. The vulnerability can be exploited to inject a payload into the...

CVE-2022-28479

SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the "Role management" menu and then trigger the payload by loading the "Users management" menu...

CVE-2022-28479

SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the "Role management" menu and then trigger the payload by loading the "Users management" menu...

Design/Logic Flaw

SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the "Role management" menu and then trigger the payload by loading the "Users management" menu...

CVE-2022-28479

SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the "Role management" menu and then trigger the payload by loading the "Users management" menu...

SeedDMS 跨站脚本漏洞

SeedDMS formerly known as LetoDMS and MyDMS is a PHP and MySql based document management system. A cross-site scripting vulnerability exists in SEEDMS versions 6.0.18 and 5.1.25, which are primarily used to store and share documents. The vulnerability can be exploited to inject a payload into the...

CVE-2022-0984

Users with the capability to configure badge criteria teachers and managers by default were able to configure course badges with profile field criteria, which should only be available for site badges...

CODOFORUM Cross-Site Scripting Vulnerability

Codoforum is a free forum package built with PHP and MySQL. A cross-site scripting vulnerability exists in the administration dashboard in Codoforum 4.8.3. The vulnerability can be exploited to conduct a cross-site scripting attack via the Categories in the Manage Users screen...

SeedDMS SQL Injection Vulnerability

SeedDMS formerly known as LetoDMS and MyDMS is SeedDMS enthusiasts jointly developed a set of PHP and MySql-based open source document management system . The system is mainly used to store and share documents. A SQL injection vulnerability exists in the 'Users management' feature in SeedDMS...

CVE-2018-12942

SQL injection vulnerability in the "Users management" functionality in SeedDMS formerly LetoDMS and MyDMS before 5.1.8 allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the application server. An attacker can use this...

Sql injection

SQL injection vulnerability in the "Users management" functionality in SeedDMS formerly LetoDMS and MyDMS before 5.1.8 allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the application server. An attacker can use this...