Lucene search
K

25 matches found

Vulnrichment
Vulnrichment
added 2026/06/15 3:15 a.m.6 views

CVE-2026-12213 hcengineering Huly Platform User Information operations.ts getAccountInfo improper authorization

A vulnerability was found in hcengineering Huly Platform up to 0.7.0. Affected by this vulnerability is the function getAccountInfo of the file server/account/src/operations.ts of the component User Information Handler. The manipulation results in improper authorization. The attack may be launche...

5.3CVSS4.8AI score0.00203EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/14 7:24 p.m.12 views

Malicious code in bigint.fs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb3e0cb5c95475ce69c3672be6acfb9283bc6e29a1d7ba7452c922e7dc96a966 On require/import, index.js runs an IIFE that POSTs a getAccountInfo RPC call to https://api.devnet.solana.com for Solana account...

6.4AI score
Exploits0References2
OSV
OSV
added 2026/05/14 7:24 p.m.8 views

MAL-2026-3750 Malicious code in bigint.fs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb3e0cb5c95475ce69c3672be6acfb9283bc6e29a1d7ba7452c922e7dc96a966 On require/import, index.js runs an IIFE that POSTs a getAccountInfo RPC call to https://api.devnet.solana.com for Solana account...

6.4AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/07 6:10 p.m.9 views

CVE-2026-42483

A flaw was found in hashcat. A heap-based buffer overflow allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted Kerberos hash file. The issue affects modulehashdecode in multiple Kerberos-related modules because accountinfolen is calculated from untruste...

9.8CVSS6.3AI score0.00304EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/05/05 1:45 a.m.9 views

SUSE CVE-2026-42483

A heap-based buffer overflow in the Kerberos hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted Kerberos hash file. The issue affects modulehashdecode in multiple Kerberos-related modules because accountinfolen is...

9.8CVSS6.4AI score0.00304EPSS
Exploits1References3
GithubExploit
GithubExploit
added 2025/11/25 1:25 a.m.145 views

Software-Exploitation-Final-Project

ATM Challenge - Buffer Overflow Exploit Author: Olalekan...

7.8AI score
Exploits0
OSV
OSV
added 2025/08/28 7:16 a.m.4 views

MAL-2025-41513 Malicious code in @twork-data-services/proxy-prime-acc-info (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
Vulnerability Lab
Vulnerability Lab
added 2023/07/20 12:0 a.m.400 views

ViaTalk CP - Persistent XSS Web Vulnerability

Document Title: =============== ViaTalk CP - Persistent XSS Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2314 Release Date: ============= 2023-07-20 Vulnerability Laboratory ID VL-ID: ==================================== 2314 Common...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2023/04/24 6:36 a.m.4 views

New All-in-One "EvilExtractor" Stealer for Windows Systems Surfaces on the Dark Web

A new "all-in-one" stealer malware named EvilExtractor also spelled Evil Extractor is being marketed for sale for other threat actors to steal data and files from Windows systems. "It includes several modules that all work via an FTP service," Fortinet FortiGuard Labs researcher Cara Lin said. "I...

6.7AI score
Exploits0
Cvelist
Cvelist
added 2023/03/21 12:0 a.m.28 views

CVE-2022-45635

An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password policy...

7.8AI score0.00783EPSS
Exploits2References1
PyPA
PyPA
added 2022/02/23 11:15 p.m.8 views

PYSEC-2022-33

b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race...

4.7CVSS6AI score0.00214EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/10/15 11:57 a.m.2 views

CVE-2021-42336

The learning history page of the Easytest is vulnerable by permission bypass. After obtaining a user’s permission, remote attackers can access other users’ and administrator’s account information except password by crafting URL parameters...

4.3CVSS5.8AI score0.00818EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2019/12/15 10:15 p.m.22 views

CVE-2014-3536

CFME CloudForms Management Engine 5: RHN account information is logged to topoutput.log during registration...

5.5CVSS5.4AI score0.00328EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2019/11/28 2:49 a.m.113 views

Magento Marketplace Suffers Data Breach Exposing Users' Account Info

If you have ever registered an account with the official Magento marketplace to bought or sold any extension, plugin, or e-commerce website theme, you must change your password immediately. Adobe—the company owning Magento e-commerce platform—today disclosed a new data breach incident that expose...

0.3AI score
Exploits0
ThreatPost
ThreatPost
added 2017/08/22 8:5 a.m.19 views

Fuze Patches TPN Handset Vulnerabilties

Fuze, a maker of popular enterprise-grade voice-over-IP handsets, earlier this year patched three vulnerabilities that exposed user account information and enabled unauthorized authentication. The issues were made public today by researchers at Rapid7 who privately disclosed the flaws on April 12...

7.6AI score
Exploits0References1
Prion
Prion
added 2015/04/16 11:59 p.m.12 views

Design/Logic Flaw

The USAA Mobile Banking application before 7.10.1 for Android displays the most recently-used screen before prompting the user for login, which might allow physically proximate users to obtain banking account numbers and balances...

2.1CVSS7AI score0.00459EPSS
Exploits1References3Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.25 views

SIPS 0.2.2 User Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7134/info It has been reported that authentication is not required to view user account information. As a result, an unauthorized remote attacker may be able to view potentially sensitive information. This may aid in...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/04/04 12:0 a.m.18 views

IntegraXor账户信息泄漏漏洞

Bugtraq ID:66554 Ecava IntegraXor是一款使用HTML和SVG的人机接口产品。 Ecava IntegraXor存在未明错误,允许攻击者利用漏洞获取敏感账户信息。 0 IntegraXor 4.x Ecava IntegraXor 4.1 build 4410版本已修复该漏洞,建议用户下载使用: http://www.integraxor.com...

7.1AI score
Exploits0
Cisco Threats
Cisco Threats
added 2013/11/18 9:1 p.m.10 views

Threat Outbreak Alert: Fake Account Information Email Messages on November 17, 2013

Medium Alert ID: 31800 First Published: 2013 November 18 21:01 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain account information for the recipient. The text in the email message attempts to convince the recipient to op...

0.3AI score
Exploits0
Fedora
Fedora
added 2013/11/10 7:15 a.m.18 views

[SECURITY] Fedora 20 Update: accountsservice-0.6.35-1.fc20

The accountsservice project provides a set of D-Bus interfaces for querying and manipulating user account information and an implementation of these interfaces, based on the useradd, usermod and userdel commands...

3.1AI score
Exploits0
Rows per page
Query Builder