Lucene search

55 matches found

NVD
added 2025/11/10 9:15 a.m. · 9 views

CVE-2025-12397

A SQL injection vulnerability was found in Looker Studio. A Looker Studio user with report view access could inject malicious SQL that would execute with the report owner's permissions. The vulnerability affected reports with BigQuery as the data source. This vulnerability was patched on 21 Ju...

CVSS 7.6 · EPSS 0.00277
Exploits 0 · References 2

Positive Technologies
added 2024/08/02 12:0 a.m. · 5 views

PT-2024-29435 · Feripro · Feripro

Name of the Vulnerable Software and Affected Versions: Feripro versions prior to 2.2.3 Description: The issue is related to an Incorrect Access Control vulnerability. It affects the "/admin/benutzer/institution/rechteverwaltung/uebersicht" endpoint, allowing remote attackers to obtain a list of a...

CVSS 5.3 · AI score 6.8 · EPSS 0.00573
Exploits 0 · References 5

Positive Technologies
added 2024/07/15 12:0 a.m. · 4 views

PT-2024-28036 · Pam · Pam

Name of the Vulnerable Software and Affected Versions: PAM affected versions not specified Description: The issue allows a malicious low-privileged PAM user to access information about other PAM users and their group memberships. Recommendations: At the moment, there is no information about a new...

CVSS 5.1 · AI score 6.8 · EPSS 0.0025
Exploits 0 · References 4

OSV
added 2024/04/30 2:15 a.m. · 7 views

CVE-2024-4226

It was identified that in certain versions of Octopus Server, a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed...

CVSS 3.5 · AI score 5.8 · EPSS 0.00303
Exploits 0 · References 1

CNNVD
added 2024/04/29 12:0 a.m. · 6 views

HubBank SQL Injection Vulnerability

HubBank is an application from HubBank, Inc. A security vulnerability exists in HubBank version 1.0.2, which stems from a SQL injection vulnerability in the /admin/viewusers.php endpoint...

CVSS 8.1 · AI score 8 · EPSS 0.0045
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 5:27 a.m. · 3 views

SUSE CVE-2014-4987

serverusergroups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request...

CVSS 4 · AI score 6.6 · EPSS 0.0126
Exploits 0 · References 4

CNNVD
added 2022/10/07 12:0 a.m. · 6 views

IBM InfoSphere Information Server Security Vulnerability

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines (IBM). The platform can be used to integrate data obtained from various sources. A security vulnerability exists in IBM InfoSphere Information Server version 11.7 that stems fro...

CVSS 6.5 · AI score 6.2 · EPSS 0.00543
Exploits 0 · References 3

ATTACKERKB
added 2022/04/12 4:15 p.m. · 4 views

CVE-2022-27161

Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcmsadminMembersviewUsers...

CVSS 9.8 · AI score 6 · EPSS 0.01269
Exploits 1 · References 2

CNNVD
added 2022/04/12 12:0 a.m. · 2 views

CSZ CMS SQL Injection Vulnerability

CSZ CMS is a PHP-based open source content management system (CMS). cszcmsadminMembersviewUsers version 1.2.2 contains a SQL injection vulnerability, which originates from the lack of validation of externally entered SQL statements and can be exploited by attackers to execute illegal SQL commands t...

CVSS 9.8 · AI score 8.7 · EPSS 0.01269
Exploits 1 · References 2

OSV
added 2020/06/24 3:15 p.m. · 5 views

CVE-2020-14018

An issue was discovered in Navigate CMS 2.9 r1433. There is a stored XSS vulnerability that is executed on the page to view users, and on the page to edit users. This is present in both the User field and the E-Mail field. On the Edit user page, the XSS is only triggered via the E-Mail field;...

CVSS 6.1 · AI score 6.4
Exploits 0 · References 1

OSV
added 2020/03/09 7:15 p.m. · 11 views

CVE-2020-10246

MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is related to app/View/Users/statisticsorgs.ctp...

CVSS 6.1 · AI score 5.8
Exploits 0 · References 2

Cvelist
added 2020/03/09 6:32 p.m. · 16 views

CVE-2020-10246

MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is related to app/View/Users/statisticsorgs.ctp...

AI score 6 · EPSS 0.00835
Exploits 0 · References 2

CNVD
added 2017/05/18 12:0 a.m. · 3 views

McAfee Network Data Loss Prevention Session Hijacking Vulnerability (CNVD-2017-07550)

McAfee Network Data Loss Prevention is a data leakage protection solution. McAfee Network Data Loss Prevention (NDLP) suffers from a session-side hijacking vulnerability in the server implementation, which can be exploited by remote attackers to view, add, and delete users by modifying HTTP request...

CVSS 8 · AI score 7 · EPSS 0.00861
Exploits 0 · References 1

OSV
added 2014/07/20 11:12 a.m. · 1 views

DEBIAN-CVE-2014-4987

serverusergroups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request...

CVSS 4 · AI score 9.1 · EPSS 0.0126
Exploits 0 · References 1

Tenable Nessus
added 2013/06/27 12:0 a.m. · 21 views

op5 Monitor < 6.1.0 Information Disclosure and Security Bypass Vulnerabilities

The version of op5 Monitor hosted on the remote web server is earlier than 6.1.0. It is, therefore, affected by the following information disclosure and security bypass vulnerabilities: - Log files can be accessed without authentication, which may contain sensitive information. Bug 6599 - A flaw...

AI score 5.6
Exploits 0 · References 6