12 matches found
EUVD-2026-38504
The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129. As a result, API users could create usernames that enabled impersonation or stored XSS attacks. Proper validation has been added where it was missing...
EUVD-2023-1142
Malicious code in bioql PyPI...
Exposure of Sensitive Information in OpenGoofy Hippo4j
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to escalate privileges via the AddUser method of the UserController function in Tenant Management module...
GHSA-XG89-VVWP-9C27 Exposure of Sensitive Information in OpenGoofy Hippo4j
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to escalate privileges via the AddUser method of the UserController function in Tenant Management module...
CVE-2023-27095
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to escalate privileges via the AddUser method of the UserController function in Tenant Management module...
Design/Logic Flaw
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to escalate privileges via the AddUser method of the UserController function in Tenant Management module...
CVE-2023-27095
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to escalate privileges via the AddUser method of the UserController function in Tenant Management module...
Exposure of Sensitive Information in OpenGoofy Hippo4j
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to escalate privileges via the AddUser method of the UserController function in Tenant Management module...
PT-2023-20952 · Unknown · Opengoofy Hippo4J
Name of the Vulnerable Software and Affected Versions: OpenGoofy Hippo4j version 1.4.3. Description: The issue allows an attacker to escalate privileges via the AddUser method of the UserController function in the Tenant Management module. This is due to an Insecure Permissions vulnerability...
CVE-2023-27095
OpenGoofy Hippo4j v1.4.3 has an Insecure Permissions vulnerability allowing privilege escalation via the AddUser method in the UserController of the Tenant Management module. The root cause is insecure permission handling, enabling an attacker to elevate privileges. The CVE entry cites impact on ...
CVE-2023-27095
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to escalate privileges via the AddUser method of the UserController function in Tenant Management module...
Liferay 6.1 can be compromised in its default configuration
Description: Liferay Portal is an enterprise portal written in Java. By utilizing the JSON web services exposed by the platform, you can register a new user with any role in the system, including the built-in administrator role. The problem...