14 matches found
EUVD-2020-24572
Malware in sbrugna...
EUVD-2021-31828
Malicious code in bioql PyPI...
CVE-2023-0814
The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the usermeta shortcode in versions up to, and including 3.9.0. This is due to insufficient restriction on sensitive user meta values that can be called via that...
CVE-2024-0404
A mass assignment vulnerability exists in the /api/invite/:code endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker...
CVE-2024-0404 Mass Assignment Vulnerability in mintplex-labs/anything-llm
A mass assignment vulnerability exists in the /api/invite/:code endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker...
CVE-2024-0404 Mass Assignment Vulnerability in mintplex-labs/anything-llm
A mass assignment vulnerability exists in the /api/invite/:code endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker...
CVE-2024-0404 Mass Assignment Vulnerability in mintplex-labs/anything-llm
A mass assignment vulnerability exists in the /api/invite/:code endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker...
CVE-2024-0404
CVE-2024-0404 describes a mass-assignment vulnerability in the mintplex-labs/anything-llm repository, specifically the "/api/invite/:code" endpoint. The issue allows an attacker to inject a privileged role (admin) during account creation via an invitation link by exploiting missing property allow...
VulnCheck KEV: CVE-2022-21662
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users like author in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been...
CVE-2021-45031
A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords...
Design/Logic Flaw
A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords...
CVE-2021-45031
CVE-2021-45031 affects MEPSAN’s USC+ prior to version 3.0. The vulnerability is a weakness in the login function that lets attackers generate passwords for high-privilege accounts, enabling potential unauthorized access and elevation of privileges. Reports consistently identify versions before 3....
CVE-2021-45031 Weak Authentication in Login Function of USC+
A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords...
CVE-2017-15374
Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the...