CVE-2025-57130

An Incorrect Access Control vulnerability in the user management component of ZwiiCMS up to v13.6.07 allows a remote, authenticated attacker to escalate their privileges. By sending a specially crafted HTTP request, a low-privilege user can access and modify the profile data of any other user,...

DataHub Security Breach

DataHub is datahub-project's open source metadata platform for a modern data stack. A security vulnerability exists in versions of DataHub prior to 0.12.0 that stems from allowing a low-privileged user to delete a user, edit a group member, or edit another user's profile information...

WordPress plugin Bulk Edit and Create User Profiles 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Bulk Edit and Create User Profiless plugin versions prior to 1.5.14 have a cross-site scripting...

CVE-2007-1179

WebAPP before 0.9.9.5 does not properly manage e-mail addresses in certain contexts related to 1 the Recommend feature, Email Article 2 senders and 3 recipients, 4 New User Approval, 5 Edit Profiles, 6 the Newsletter Subscription form, 7 the Recommend form, and 8 sending of articles, which has...