Lucene search
+L

419 matches found

CNNVD
CNNVD
added 2025/11/25 12:0 a.m.9 views

jshERP 安全漏洞

jshERP Huaxia ERP is a homegrown ERP system by the individual developer of China's Ji Sheng Hua. A security vulnerability exists in jshERP version 2.3.1, which originates from the user/addUser endpoint being susceptible to Fastjson deserialization attack...

9.8CVSS6.7AI score0.00416EPSS
Exploits0References5
EUVD
EUVD
added 2025/11/24 6:31 p.m.5 views

EUVD-2025-198969

A Cross-Site Request Forgery CSRF in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...

6.5CVSS6.2AI score0.00141EPSS
Exploits1References3
NVD
NVD
added 2025/11/24 5:16 p.m.9 views

CVE-2025-63953

A Cross-Site Request Forgery CSRF in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...

6.5CVSS0.00141EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/11/24 12:0 a.m.14 views

PT-2025-47943

Name of the Vulnerable Software and Affected Versions Magewell Pro Convert version 1.2.213 Description A Cross-Site Request Forgery CSRF exists in the /mwapi?method=add-user component. This allows attackers to create accounts by sending a specially crafted GET request. The API endpoint...

5.7CVSS6.6AI score0.00139EPSS
Exploits1References6
CVE
CVE
added 2025/11/24 12:0 a.m.21 views

CVE-2025-63952

CVE-2025-63952 describes a CSRF vulnerability in Magewell Pro Convert v1.2.213, specifically in the /mwapi?method=add-user endpoint, which can allow an attacker to create accounts via a crafted GET request. Multiple connected sources (Red Hat, CNNVD, CVE lists, and PT Security) confirm the issue ...

5.7CVSS6.3AI score0.00139EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2025/11/24 12:0 a.m.6 views

Magewell Ultra Encode 安全漏洞

Magewell Ultra Encode is a video encoder from the Chinese company Magewell. A security vulnerability exists in Magewell Ultra Encode version 1.2.213, which originates from a cross-site request forgery in the /mwapi?method=add-user component...

5.7CVSS6.7AI score0.00139EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/11/24 12:0 a.m.4 views

CVE-2025-63953

A Cross-Site Request Forgery CSRF in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...

6.3AI score0.00141EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/11/24 12:0 a.m.17 views

CVE-2025-63953

A Cross-Site Request Forgery CSRF in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...

0.00141EPSS
Exploits1References2
CVE
CVE
added 2025/11/24 12:0 a.m.16 views

CVE-2025-63953

CVE-2025-63953 describes a Cross-Site Request Forgery (CSRF) in Magewell Pro Convert v1.2.213 affecting the /usapi?method=add-user endpoint. The vulnerability allows an attacker to create user accounts via a crafted GET request. Documents consistently identify the affected software/version and th...

6.5CVSS6.3AI score0.00141EPSS
Exploits1References2Affected Software1
Hacker One
Hacker One
added 2025/10/27 3:0 p.m.12 views

Revive Adserver: Information Disclosure via “Add user” lookup in Account Management (User Access)

Version: ==revive-adserver 6.0.0== Flow Administrator Account ├── Management 1 │ ├── User A1 │ └── User A2 └── Management 2 ├── User B1 leak email, contacname └── User B2 leak email, contacname Summary: When a user under Management 1 navigates to User Access → Add user and enters a username, the...

4.3CVSS6.7AI score0.00284EPSS
Exploits1
Cvelist
Cvelist
added 2025/10/23 8:10 p.m.16 views

CVE-2025-57848 Container-native-virtualization: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in certain Container-native Virtualization images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container,...

6.4CVSS0.00166EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/13 9:31 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the comliferayusersadminwebportletUsersAdminPortletaddUserIds parameter. An attacker can assign an organizatio...

5.3CVSS6.9AI score0.00248EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/13 8:42 p.m.13 views

CVE-2025-62252

Insecure Direct Object Reference IDOR vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote authenticated users in o...

5.3CVSS0.00248EPSS
Exploits0References1
CVE
CVE
added 2025/10/13 8:42 p.m.20 views

CVE-2025-62252

The CVE-2025-62252 issue is an IDOR vulnerability in Liferay Portal 7.4.0–7.4.3.111 and Liferay DXP 2023.Q3.1–Q3.10, 2023.Q4.0–Q4.5, and 7.4 GA–update 92. Affected code path is the _com_liferay_users_admin_web_portlet_UsersAdminPortlet_addUserIds parameter, which can let remote authenticated user...

5.3CVSS6.4AI score0.00248EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2025/10/13 12:0 a.m.11 views

PT-2025-41811

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay DXP versions 2023.Q4.0 through 2023.Q4.5 Liferay Portal 7.4 GA through update 92 Description An Insecure Direct Object Reference IDOR iss...

5.3CVSS6.4AI score0.00248EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/10/10 1:32 a.m.10 views

CVE-2025-11485

A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function adduser of the file /admin.php of the component Manage Users Page. This manipulation of the argument firstname/lastname causes cross site scripting. The attack can be initiated remotely...

4.8CVSS5.8AI score0.00272EPSS
Exploits1References1
OSV
OSV
added 2025/10/08 5:15 p.m.6 views

CVE-2025-11485

A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function adduser of the file /admin.php of the component Manage Users Page. This manipulation of the argument firstname/lastname causes cross site scripting. The attack can be initiated remotely...

4.8CVSS4.1AI score0.00272EPSS
Exploits1References5
NVD
NVD
added 2025/10/08 5:15 p.m.7 views

CVE-2025-11485

A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function adduser of the file /admin.php of the component Manage Users Page. This manipulation of the argument firstname/lastname causes cross site scripting. The attack can be initiated remotely...

4.8CVSS0.00272EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/08 5:2 p.m.7 views

EUVD-2025-33292

A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function adduser of the file /admin.php of the component Manage Users Page. This manipulation of the argument firstname/lastname causes cross site scripting. The attack can be initiated remotely...

4.8CVSS5.4AI score0.00272EPSS
Exploits1References7
CVE
CVE
added 2025/10/08 5:2 p.m.17 views

CVE-2025-11485

CVE-2025-11485 affects SourceCodester Student Grades Management System 1.0, specifically the add_user function in /admin.php within the Manage Users Page. The vulnerability arises from manipulating the first_name/last_name parameters, enabling cross-site scripting (XSS). The issue can be exploite...

4.8CVSS5.6AI score0.00272EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder