
14 matches found

EUVD
added 2026/06/11 9:41 a.m. · 7 views

EUVD-2026-36218

Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did not explicitly mark id as inaccessible, an authenticated attacker could submit a crafted edit...

6.3 CVSS · 5.5 AI score · 0.00207 EPSS
Exploits: 0 · References: 1
CNNVD
added 2025/11/28 12:0 a.m. · 3 views

Cerebrate security vulnerability

Cerebrate is an open source platform from Cerebrate Open Source. Designed to act as an interconnect coordinator for trusted contact information providers and other security tools. A security vulnerability exists in versions of Cerebrate prior to 1.30, which stems from the possibility that an...

9.4 CVSS · 6.3 AI score · 0.00387 EPSS
Exploits: 0 · References: 4
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-14245

Malicious code in bioql PyPI...

8.8 CVSS · 6.5 AI score · 0.00411 EPSS
Exploits: 0 · References: 4
RedhatCVE
added 2025/05/12 12:6 a.m. · 30 views

CVE-2025-47817

In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit request can include a role parameter...

8.8 CVSS · 7.2 AI score · 0.00411 EPSS
Exploits: 0 · References: 1
OSV
added 2025/05/10 10:15 p.m. · 4 views

CVE-2025-47817

In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit request can include a role parameter...

8.8 CVSS · 6.8 AI score
Exploits: 0 · References: 3
Positive Technologies
added 2025/05/10 12:0 a.m. · 5 views

PT-2025-20645 · Bluewave · Bluewave Checkmate

Name of the Vulnerable Software and Affected Versions: BlueWave Checkmate versions 2.0.2 and earlier, before b387eba
Description: The issue allows a profile edit request to include a role parameter. This is related to the external control of assumed-immutable web parameters.
Recommendations: For...

8.8 CVSS · 6.4 AI score · 0.00411 EPSS
Exploits: 0 · References: 12
CVE
added 2025/05/10 12:0 a.m. · 74 views

CVE-2025-47817

CVE-2025-47817 affects BlueWave Checkmate 2.0.2 and earlier (pre-b387eba). The issue arises from a profile edit request permitting a role parameter, enabling unvalidated external control of web parameters. CVSS v3.1: Network attack, low privileges, no user interaction, with high impacts to confid...

8.8 CVSS · 7.2 AI score · 0.00411 EPSS
Exploits: 0 · References: 3
Github Security Blog
added 2022/05/13 1:47 a.m. · 18 views

GeniXCMS Mailbox validation logic vulnerability

GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger MSGUSEREMAILEXIST protection mechanism via a register.php?act=edit&id=1 request...

5.3 CVSS · 6.9 AI score · 0.0145 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
OSV
added 2019/05/23 6:29 p.m. · 4 views

CVE-2017-11557

An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company's network environment via a userconfiguration.do?method=editUser request...

5.3 CVSS · 5.8 AI score · 0.03696 EPSS
Exploits: 1 · References: 4
NVD
added 2019/03/06 4:29 p.m. · 21 views

CVE-2019-9594

BlueCMS 1.6 allows SQL Injection via the userid parameter in an uploads/admin/user.php?act=edit request...

9.8 CVSS · 9.9 AI score · 0.01452 EPSS
Exploits: 1 · References: 1
Prion
added 2014/11/06 3:55 p.m. · 14 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the (1) idcustom parameter in an amanmenu request or (2) idgame parameter in an alms/games/edit request to appCore/index.php...

4.3 CVSS · 6.1 AI score · 0.01891 EPSS
Exploits: 2 · References: 5 · Affected Software: 1
Prion
added 2014/05/19 2:55 p.m. · 13 views

Cross site request forgery (CSRF)

Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the block id in an edit request...

5.5 CVSS · 6.8 AI score · 0.01265 EPSS
Exploits: 0 · References: 5 · Affected Software: 1
Packet Storm
added 2008/06/11 12:0 a.m. · 24 views

fogforum-lfi.txt

FOG Forum 0.8.1 Local File Inclusion Vulnerabilities. CWH Underground Hacking Team...

7.4 AI score
Exploits: 0
0day.today
added 2004/09/16 12:0 a.m. · 105 views

PHP-Nuke SQL Injection Edit/Save Message(s) Bug

Exploit for unknown platform in category web applications. PHP-Nuke SQL Injection Edit/Save Messages Bug. !/usr/bin/perl use LWP; $log = "poskomenphpnukesavemsg.txt"; $Agent = "Mbahmubangga/1.0"; $proxy ...

7.1 AI score
Exploits: 0