17 matches found
EUVD-2024-2868
Malicious code in bioql PyPI...
CVE-2025-2637
A vulnerability, which was classified as problematic, has been found in JIZHICMS up to 1.7.0. Affected by this issue is some unknown functionality of the file /user/userinfo.html of the component Account Profile Page. The manipulation of the argument jifen leads to improper authorization. The...
CVE-2025-2637
CVE-2025-2637 affects JIZHICMS up to version 1.7.0. Affected is the file /user/userinfo.html in the Account Profile Page, where manipulation of the parameter jifen leads to improper authorization. The issue is exploitable remotely and the exploit has been disclosed publicly. Multiple sources corr...
CVE-2025-2637 JIZHICMS Account Profile Page userinfo.html improper authorization
A vulnerability, which was classified as problematic, has been found in JIZHICMS up to 1.7.0. Affected by this issue is some unknown functionality of the file /user/userinfo.html of the component Account Profile Page. The manipulation of the argument jifen leads to improper authorization. The...
CVE-2025-2637 JIZHICMS Account Profile Page userinfo.html improper authorization
A vulnerability, which was classified as problematic, has been found in JIZHICMS up to 1.7.0. Affected by this issue is some unknown functionality of the file /user/userinfo.html of the component Account Profile Page. The manipulation of the argument jifen leads to improper authorization. The...
PT-2025-12504 · Jizhicms · Jizhicms
Name of the Vulnerable Software and Affected Versions: JIZHICMS version 1.7.0. Description: A vulnerability has been found in JIZHICMS, affecting some unknown functionality of the file /user/userinfo.html of the component Account Profile Page. The manipulation of the jifen argument leads to improp...
GHSA-RW3J-574H-MRCQ IDOR vulnerability in account profile page
Impact: Insecure direct object reference allowing an attacker to disable subscriptions and reviews of another customer...
IDOR vulnerability in account profile page
Impact: Insecure direct object reference allowing an attacker to disable subscriptions and reviews of another customer...
Authorization Bypass Through User-Controlled Key
Overview: aimeos/ai-controller-frontend is an Aimeos business controller logic for frontend. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the account profile page. An attacker can manipulate account details and disable subscriptions an...
CVE-2023-26689
An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to execute attacks that result in the following categories of damage: Denial-of-Service (DoS); Remote code execution (Administrator/Root rights); Remote code execution (User rights)...
Legal Robot: Account profile shows encryption recovery box for all users
A security researcher discovered that the encryption recovery section on the Legal Robot account profile page was shown to all users, even those that were not using the feature. There was no security impact from any user seeing or using the feature - quite the opposite, in fact. However, when...
NAP Turbo NAS Series Devices 'Edit Account Profile' Cross-Site Scripting Vulnerability
NAP Turbo NAS Series Devices is a backup software that supports real-time backup, data synchronization and scheduled backup. An input validation vulnerability exists in the "Edit Account Profile" page of NAP Turbo NAS Series Devices, which can be exploited by remote attackers to inject malicious...
Prediction Football 2.51 - Cross-Site Request Forgery
Prediction Football 2.51 - Cross-Site Request Forgery Exploit Title: title Google Dork: if relevant intext:"Prediction football 2.51" Date: 08/08/2011 Author: Smith Falcon Software Link: http://www.predictionfootball.com/download/download.html Version: 2.51 Tested on: Linux First create a usernam...
Prediction Football 2.51 XRF / CSRF
Exploit for php platform in category web applications Exploit Title: title Google Dork: if relevant intext:"Prediction football 2.51" Date: 08/08/2011 Author: Smith Falcon Software Link: http://www.predictionfootball.com/download/download.html Version: 2.51 Tested on: Linux First create a usernam...
Prediction Football 2.51 - Cross-Site Request Forgery
Exploit Title: title Google Dork: if relevant intext:"Prediction football 2.51" Date: 08/08/2011 Author: Smith Falcon Software Link: http://www.predictionfootball.com/download/download.html Version: 2.51 Tested on: Linux First create a username and go to Account Profile The POST variable in...
dokuwiki -- multiple vulnerabilities
Multiple vulnerabilities have been reported within dokuwiki. dokuwiki is proven vulnerable to: arbitrary PHP code insertion via spellcheck module, XSS attack via "Update your account profile," bypassing of ACL controls when enabled...