Lucene search
K

39 matches found

Cvelist
Cvelist
added 2025/10/07 12:0 a.m.15 views

CVE-2025-44823

Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/getusers call. This is GL:NLS475...

9.9CVSS0.15568EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/07 12:0 a.m.6 views

EUVD-2025-32882

Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/getusers call. This is GL:NLS475...

9.9CVSS6.2AI score0.15568EPSS
Exploits2References2
CVE
CVE
added 2025/10/07 12:0 a.m.37 views

CVE-2025-44823

Nagios Log Server (before 2024R1.3.2) is vulnerable: unauthenticated? No—authenticated users with access to the API can call /nagioslogserver/index.php/api/system/get_users to retrieve cleartext admin API keys. The underlying issue exposes user accounts and API keys, enabling full system compromi...

9.9CVSS6.3AI score0.15568EPSS
Exploits2References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 6:6 a.m.4 views

CVE-2017-1000120

ERPNextFrappe Version = 7.1.27 SQL injection vulnerability in frappe.share.getusers allows remote authenticated users to execute arbitrary SQL commands via the fields parameter...

8.8CVSS8.5AI score0.0112EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/16 12:0 a.m.7 views

Siemens TeleControl Server Basic SQL注入漏洞

Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that originates from a SQL injection in the internal method GetUsers, which can be exploited by an attacker to bypass authorizatio...

8.8CVSS8.4AI score0.00683EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.10 views

PT-2025-41174

Name of the Vulnerable Software and Affected Versions Nagios Log Server versions prior to 2024R1.3.2 Description Nagios Log Server before version 2024R1.3.2 contains a flaw that allows authenticated users to retrieve cleartext administrative API keys. This is achieved by making a call to the...

9.9CVSS6.3AI score0.15568EPSS
Exploits2References19
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.15 views

PT-2025-12318

Name of the Vulnerable Software and Affected Versions BerriAI/litellm version main-latest Description The issue is related to improper authorization. When a user with the role internal user viewer logs into the application, they are provided with an overly privileged API key. This key allows acce...

8.1CVSS7.2AI score0.00315EPSS
Exploits0References16
OSV
OSV
added 2024/11/25 9:15 p.m.12 views

CVE-2024-50671

Incorrect access control in Adapt Learning Adapt Authoring Tool = 0.11.3 allows attackers with Authenticated User roles to obtain email addresses via the "Get users" feature. The vulnerability occurs due to a flaw in permission verification logic, where the wildcard character in permitted URLs...

4.3CVSS5.7AI score0.00325EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2024/11/25 12:0 a.m.7 views

PT-2024-34387 · Adapt Learning · Adapt Learning Adapt Authoring Tool

Name of the Vulnerable Software and Affected Versions: Adapt Learning Adapt Authoring Tool versions = 0.11.3 Description: The issue is related to incorrect access control, allowing attackers with Authenticated User roles to obtain email addresses via the "Get users" feature. This occurs due to a...

4.3CVSS9.3AI score0.00325EPSS
Exploits2References4
CNNVD
CNNVD
added 2024/11/25 12:0 a.m.7 views

Adapt Authoring Tool 安全漏洞

Adapt Authoring Tool is a free and easy-to-use eLearning authoring tool from Adapt Learning open source. A security vulnerability exists in Adapt Authoring Tool that stems from incorrect access control and allows an attacker with an authenticated user role to obtain an email address via the Get...

4.3CVSS6.5AI score0.00325EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2024/02/10 12:0 a.m.5 views

PT-2024-15676 · WordPress · The Awesome Support – Wordpress Helpdesk & Support Plugin

Name of the Vulnerable Software and Affected Versions: The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress versions up to, and including, 6.1.7 Description: The issue is related to unauthorized access due to a missing capability check on the wpas get users function, whi...

4.3CVSS5.2AI score0.00429EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/02/10 12:0 a.m.3 views

PT-2024-15675 · WordPress · The Awesome Support – Wordpress Helpdesk & Support Plugin

Name of the Vulnerable Software and Affected Versions: The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress versions up to, and including, 6.1.7 Description: The issue is related to a union-based SQL Injection vulnerability via the q parameter of the wpas get users actio...

8.8CVSS8.9AI score0.00628EPSS
Exploits0References9
CNNVD
CNNVD
added 2024/02/10 12:0 a.m.3 views

WordPress Plugin Awesome Support SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

8.8CVSS7.7AI score0.00628EPSS
Exploits0References5
OSV
OSV
added 2023/06/09 6:16 a.m.2 views

CVE-2023-2599

The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to missing nonce verification on the getusers function and insufficient escaping o...

6.5CVSS6.9AI score0.00424EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/06/09 6:16 a.m.2 views

CVE-2023-2599

The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to missing nonce verification on the getusers function and insufficient escaping o...

6.5CVSS7.3AI score0.00424EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/06/09 12:0 a.m.4 views

WordPress Plugin Active Directory Integration 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

6.5CVSS7AI score0.00424EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/04/05 12:0 a.m.12 views

PT-2021-15716

Name of the Vulnerable Software and Affected Versions: User Profile Picture WordPress plugin versions prior to 2.5.0 Description: The issue concerns the REST API endpoint "get users" in the User Profile Picture WordPress plugin, which returned excessive information to users with the upload files...

7.5CVSS7.4AI score0.04788EPSS
Exploits2References5
CNNVD
CNNVD
added 2020/12/30 12:0 a.m.10 views

MantisBT SQL注入漏洞

MantisBT is a lightweight, free and open source, web-based defect tracking system. A SQL injection vulnerability exists in the "access" parameter of the mcprojectgetusers function in MantisBT 2.24.3. An attacker can exploit this vulnerability via API SOAP to conduct SQL injection attacks...

6.5CVSS5.9AI score0.04725EPSS
Exploits3References5
CNVD
CNVD
added 2017/10/09 12:0 a.m.5 views

Frappe frappe.share.get_users SQL Injection Vulnerability

Frappe is a WEB application. Frappe frappe.share.getusers suffers from a SQL injection vulnerability that allows remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain database data...

8.8CVSS9.1AI score0.0112EPSS
Exploits0References1
Rows per page
Query Builder