88 matches found
CVE-2026-6633 Yifang CMS Extended Management L_rbac_admin.php store cross site scripting
A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifangbackendaccount/logic/admin/Lrbacadmin.php of the component Extended Management Module. The manipulation of the argument Account results in cross site scripting. The...
CVE-2026-2898 funadmin Backend Endpoint AuthCloudService.php getMember deserialization
A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloudaccount results in deserialization. The attack may be performed from...
CVE-2020-7210
Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts...
CVE-2024-41259
Use of an insecure hashing algorithm in the Gravatar service in Navidrome v0.52.3 allows attackers to manipulate a user's account information...
EUVD-2016-10295
Malware in sbrugna...
EUVD-2008-0008
Malware in sbrugna...
EUVD-2008-5377
Malware in sbrugna...
EUVD-2006-5582
Malware in sbrugna...
EUVD-2022-41775
Malicious code in bioql PyPI...
EUVD-2025-24964
Malicious code in bioql PyPI...
EUVD-2023-37012
Malicious code in bioql PyPI...
CVE-2025-9931
A vulnerability was detected in Jinher OA 1.0. Affected is an unknown function of the file /jc6/platform/sys/login!changePassWord.action of the component POST Request Handler. The manipulation of the argument Account results in cross site scripting. The attack can be launched remotely. The exploi...
CVE-2025-9002
CVE-2025-9002 affects Surbowl dormitory-management-php v1.0, specifically login.php; manipulating the Account parameter enables a SQL injection. The attack is remote and the exploit has been publicly disclosed. Vendors list this product as no longer supported, and there is no available informatio...
CS Cart security vulnerability
CS Cart is an e-commerce system from CS Cart Inc. in the United States. A security vulnerability exists in CS Cart version 4.18.3, which stems from an insecure direct object reference that could lead to unauthorized manipulation of other user accounts...
CVE-2023-47294
An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie...
CVE-2023-47294
CVE-2023-47294 affects NCR Terminal Handler v1.5.1. A crafted session cookie can allow a low-privileged authenticated attacker to arbitrarily deactivate, lock, or delete user accounts. Root cause cited across sources relates to insufficient session cookie validation. Impact is user-account manipu...