Lucene search
K

59 matches found

OSV
OSV
added 2026/03/05 7:16 p.m.4 views

CVE-2026-26417

A broken access control vulnerability in the password reset functionality of Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to reset passwords of arbitrary user accounts via crafted requests...

8.1CVSS5.9AI score0.00274EPSS
Exploits0References2
NVD
NVD
added 2025/10/30 10:15 p.m.18 views

CVE-2023-7325

Anheng Mingyu Operation and Maintenance Audit and Risk Control System up to 2023-08-10 contains a server-side request forgery SSRF vulnerability in the xmlrpc.sock handler. The product accepts specially crafted XML-RPC requests that can be used to instruct the server to connect to internal unix...

9.3CVSS0.0037EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/30 9:17 p.m.11 views

CVE-2023-7325 Mingyu Operations and Maintenance Audit and Risk Control System xmlrpc.sock SSRF

Anheng Mingyu Operation and Maintenance Audit and Risk Control System up to 2023-08-10 contains a server-side request forgery SSRF vulnerability in the xmlrpc.sock handler. The product accepts specially crafted XML-RPC requests that can be used to instruct the server to connect to internal unix...

9.3CVSS0.0037EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.10 views

PT-2025-44460

Name of the Vulnerable Software and Affected Versions Anheng Mingyu Operation and Maintenance Audit and Risk Control System versions prior to 2023-08-10 Description The software contains a server-side request forgery SSRF issue in the xmlrpc.sock handler. The system is susceptible to specially...

9.3CVSS6.9AI score0.0037EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-12658

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00486EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/02/05 4:39 a.m.13 views

CVE-2024-9927

The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5. This is due to the improper implementation of allowpaymentwithoutlogin function. This makes it possible for authenticated attackers, with Shop...

7.2CVSS7AI score0.00453EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 4:21 a.m.13 views

CVE-2024-9263

The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 1.0.25 via the save due to missing validation on a user...

9.8CVSS9.5AI score0.01146EPSS
Exploits0References1
NVD
NVD
added 2024/09/24 3:15 a.m.20 views

CVE-2024-8791

The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. This is due to the plugin not properly verifying a user's identity when the ID parameter is supplied...

9.8CVSS0.00733EPSS
Exploits0References3
CVE
CVE
added 2024/09/24 2:31 a.m.60 views

CVE-2024-8791

CVE-2024-8791 affects Charitable – Donation Plugin for WordPress (versions

9.8CVSS9.7AI score0.00733EPSS
Exploits0References3Affected Software1
Packet Storm
Packet Storm
added 2024/04/05 12:0 a.m.439 views

Visual Planning 8 Authentication Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Title ===== SCHUTZWERK-SA-2023-004: Authentication Bypass via Password Reset Functionality in Visual Planning Status ====== PUBLISHED Version ======= 1.0 CVE reference ============= CVE-2023-49232 Link ====...

6.8AI score0.01525EPSS
Exploits1
Prion
Prion
added 2023/12/15 10:15 a.m.14 views

Design/Logic Flaw

Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account, including administrator’s account, ...

7.5CVSS7.8AI score0.0057EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/07/04 8:15 a.m.31 views

Code injection

The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild...

7.5CVSS9.3AI score0.72306EPSS
Exploits12References2Affected Software1
NVD
NVD
added 2023/04/04 11:15 p.m.19 views

CVE-2023-0738

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...

6.1CVSS6.2AI score0.00486EPSS
Exploits1References2
Prion
Prion
added 2023/04/04 11:15 p.m.14 views

Design/Logic Flaw

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...

5.8CVSS6.2AI score0.00486EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/04/04 12:0 a.m.20 views

CVE-2023-0738

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...

6.4AI score0.00486EPSS
Exploits1References2
OSV
OSV
added 2023/02/09 4:15 p.m.14 views

CVE-2023-0624

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...

6.1CVSS6.8AI score0.00486EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/02/09 12:0 a.m.5 views

OrangeScrum 跨站脚本漏洞

Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum suffers from a cross-site scripting vulnerability that originates when the application returns malicious user input in a response with the...

6.1CVSS6.2AI score0.00486EPSS
Exploits1References3
GitLab Advisory Database
GitLab Advisory Database
added 2022/05/17 12:0 a.m.51 views

Cross-Site Request Forgery (CSRF)

admidio 3.2.8 has CSRF in admprogram/modules/members/membersfunction.php with an impact of deleting arbitrary user accounts...

4.5CVSS7.1AI score0.02626EPSS
Exploits5References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/03/08 12:15 p.m.2 views

CVE-2022-26313

A vulnerability has been identified in Mendix Forgot Password Appstore module All versions = V3.3.0 V3.5.1. In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts...

9.8CVSS5.8AI score0.00953EPSS
Exploits0References2
OSV
OSV
added 2022/03/08 12:15 p.m.5 views

CVE-2022-26313

A vulnerability has been identified in Mendix Forgot Password Appstore module All versions = V3.3.0 V3.5.1. In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts...

9.8CVSS5.8AI score0.00953EPSS
Exploits0References1
Rows per page
Query Builder