12 matches found
CVE-2026-35575
ChurchCRM is an open-source church management system. Prior to 6.5.3, a Stored Cross-Site Scripting Stored XSS vulnerability in the admin panel’s group-creation feature allows any user with group-creation privileges to inject malicious JavaScript that executes automatically when an administrator...
EUVD-2025-208340
Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the...
PT-2025-51921
Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 6.5.3 Description ChurchCRM is an open-source church management system. A flaw exists where an authenticated user with specific permissions "Edit Records" and "Manage Properties and Classifications" can inject a...
EUVD-2025-19028
Malicious code in bioql PyPI...
CVE-2025-32975
Quest KACE Systems Management Appliance SMA 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 Patch 5, and 14.1.x before 14.1.101 Patch 4 contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid...
CVE-2025-32975
Quest KACE Systems Management Appliance SMA 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 Patch 5, and 14.1.x before 14.1.101 Patch 4 contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid...
CVE-2025-32975
Quest KACE Systems Management Appliance SMA 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 Patch 5, and 14.1.x before 14.1.101 Patch 4 contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid...
PT-2025-26740
Name of the Vulnerable Software and Affected Versions Quest KACE Systems Management Appliance SMA versions 13.0.x prior to 13.0.385 Quest KACE Systems Management Appliance SMA versions 13.1.x prior to 13.1.81 Quest KACE Systems Management Appliance SMA versions 13.2.x prior to 13.2.183 Quest KACE...
CVE-2025-32975
Quest KACE Systems Management Appliance SMA 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 Patch 5, and 14.1.x before 14.1.101 Patch 4 contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid...
CVE-2025-32975
CVE-2025-32975 affects Quest KACE SMA versions 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4). The issue is an authentication bypass in the SSO authentication handling mechanism that could allow an atta...
PT-2024-25681 · Froxlor +1 · Froxlor +1
Name of the Vulnerable Software and Affected Versions: Froxlor versions prior to 2.1.9 Description: A Stored Blind Cross-Site Scripting XSS vulnerability has been identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated user can inject malicious scrip...
IDOR in password change page leads to administrative account takeover
Description The password change function doesn't properly handle the Change Password role, allowing to any user, that has this role enabled, to change the password of any user in the system, including the administrator account. Proof of Concept 1. 1 - Log in as a normal user that can change its o...