8 matches found
CVE-2026-35175 Ajenti has an authorization bypass during custom package installation
Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user using the authusers plugin authentication method could install a custom package even if this user is not superuser. This vulnerability is fixed in 2.2.15...
CVE-2025-65900
Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all...
CVE-2025-51506
In the smartLibrary component of the HRForecast Suite 0.4.3, a SQL injection vulnerability was discovered in the valueKey parameter. This flaw enables any authenticated user to execute arbitrary SQL queries, via crafted payloads to valueKey to the api/smartlibrary/v2/en/dictionaries/options/looku...
GHSA-4GR7-QW2Q-JXH6 Cross-site Scripting in Nacos
A Cross Site Scripting (XSS) vulnerability exists in Nacos prior to 1.4.5 and 2.1.0-BETA in auth/users via the (1) pageSize and (2) pageNo parameters...
Cross-site Scripting in Nacos
A Cross Site Scripting (XSS) vulnerability exists in Nacos prior to 1.4.5 and 2.1.0-BETA in auth/users via the (1) pageSize and (2) pageNo parameters...
CVE-2021-44667
A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters...
Cross site scripting
A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters...
CVE-2021-44667
A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters...