Lucene search
K

72 matches found

Vulnrichment
Vulnrichment
added 2026/02/19 2:32 a.m.4 views

CVE-2026-2693 CoCoTeaNet CyreneAdmin System Info Endpoint getCount improper authorization

A vulnerability was determined in CoCoTeaNet CyreneAdmin up to 1.3.0. This vulnerability affects unknown code of the file /api/system/dashboard/getCount of the component System Info Endpoint. Executing a manipulation can lead to improper authorization. The attack can be launched remotely. The...

5.3CVSS4.8AI score0.00364EPSS
Exploits1References3
OSV
OSV
added 2026/02/19 2:32 a.m.5 views

CVE-2026-2693 CoCoTeaNet CyreneAdmin System Info Endpoint getCount improper authorization

A vulnerability was determined in CoCoTeaNet CyreneAdmin up to 1.3.0. This vulnerability affects unknown code of the file /api/system/dashboard/getCount of the component System Info Endpoint. Executing a manipulation can lead to improper authorization. The attack can be launched remotely. The...

5.3CVSS5.6AI score0.00364EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/19 2:32 a.m.33 views

CVE-2026-2693 CoCoTeaNet CyreneAdmin System Info Endpoint getCount improper authorization

A vulnerability was determined in CoCoTeaNet CyreneAdmin up to 1.3.0. This vulnerability affects unknown code of the file /api/system/dashboard/getCount of the component System Info Endpoint. Executing a manipulation can lead to improper authorization. The attack can be launched remotely. The...

5.3CVSS0.00364EPSS
Exploits1References3
CVE
CVE
added 2026/02/19 2:32 a.m.17 views

CVE-2026-2693

CVE-2026-2693 affects CoCoTeaNet CyreneAdmin up to version 1.3.0. The vulnerability resides in the System Info Endpoint component, specifically /api/system/dashboard/getCount, where improper authorization can be exploited. The issue can be triggered remotely over the network, and public disclosur...

6.5CVSS5AI score0.00364EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2025/10/28 6:15 p.m.5 views

CVE-2025-60800

Incorrect access control in the /jshERP-boot/user/info interface of jshERP up to commit 90c411a allows attackers to access sensitive information via a crafted GET request...

7.5CVSS0.00291EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/10/28 12:0 a.m.6 views

PT-2025-44195

Name of the Vulnerable Software and Affected Versions jshERP versions prior to commit 90c411a Description An access control issue exists in the /jshERP-boot/user/info interface of jshERP. An attacker can obtain sensitive information by sending a specially crafted GET request to this interface. Th...

7.5CVSS6.5AI score0.00291EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/10/28 12:0 a.m.3 views

CVE-2025-60800

Incorrect access control in the /jshERP-boot/user/info interface of jshERP up to commit 90c411a allows attackers to access sensitive information via a crafted GET request...

6.1AI score0.00291EPSS
Exploits1References1
OSV
OSV
added 2025/08/20 6:32 p.m.6 views

CVE-2025-9240 elunez eladmin info information disclosure

A security flaw has been discovered in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file /auth/info. The manipulation results in information disclosure. The attack can be launched remotely. The exploit has been released to the public and may be exploited...

5.3CVSS5.6AI score0.00298EPSS
Exploits1References7
Cvelist
Cvelist
added 2025/08/20 6:32 p.m.15 views

CVE-2025-9240 elunez eladmin info information disclosure

A security flaw has been discovered in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file /auth/info. The manipulation results in information disclosure. The attack can be launched remotely. The exploit has been released to the public and may be exploited...

5.3CVSS0.00298EPSS
Exploits1References5
CVE
CVE
added 2025/08/20 1:9 p.m.22 views

CVE-2025-24496

CVE-2025-24496 affects Tenda AC6 V5.0 V02.03.01.110. The information-disclosure flaw resides in /goform/getproductInfo; Talos notes an authentication bypass when requesting this URL, allowing a non-authenticated retrieval of module data via the generic getter, potentially exposing configuration d...

7.5CVSS6.5AI score0.00342EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/07/22 12:0 a.m.3 views

WordPress plugin bSecure 安全漏洞

WordPress bSecure plugin is a plugin used to enhance the security of the website, mainly for the payment page of GiveWP to provide security features. An elevation of privilege vulnerability exists in the WordPress bSecure plugin, which stems from a lack of authorization in the orderinfo REST...

9.8CVSS7AI score0.00668EPSS
Exploits0References6
CVE
CVE
added 2025/06/20 4:4 p.m.36 views

CVE-2025-5416

CVE-2025-5416 concerns Keycloak exposing sensitive environment information via the authenticated-accessible endpoint /admin/serverinfo . Multiple sources describe an information-disclosure flaw that can reveal internal server details when an authenticated user accesses the endpoint. The NVD and R...

2.7CVSS6.2AI score0.00242EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 9:10 a.m.3 views

CVE-2024-56361

LGSL Live Game Server List provides online status for games. Before 7.0.0, a stored cross-site scripting XSS vulnerability was identified in lgsl. The function lgslquery40 in lgslprotocol.php has implemented an HTTP crawler. This function makes a request to the registered game server, and upon...

5.3CVSS5.5AI score0.00435EPSS
Exploits0References1
Snyk
Snyk
added 2024/12/26 8:20 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS by sending a crafted payload to the /info endpoint via the lgslquery40 function. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into an...

6.1CVSS5.2AI score0.00435EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/26 12:0 a.m.3 views

PT-2024-36803 · Lgsl · Lgsl

Name of the Vulnerable Software and Affected Versions: LGSL versions prior to 7.0.0 Description: A stored cross-site scripting XSS vulnerability was identified in LGSL. The issue arises from improper sanitation of user input. The function lgsl query 40 in lgsl protocol.php has implemented an HTTP...

5.3CVSS5.7AI score0.00435EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/11/15 12:0 a.m.4 views

PT-2024-34374 · Unknown · Python Food Ordering System

Name of the Vulnerable Software and Affected Versions: python food ordering system version V1.0 Description: The python food ordering system has an unauthorized vulnerability that leads to the leakage of sensitive user information. Attackers can access it through the...

7.5CVSS6.4AI score0.00468EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2024/07/05 7:42 p.m.49 views

Pomerium exposed OAuth2 access and ID tokens in user info endpoint response

Impact The Pomerium user info page at /.pomerium unintentionally included serialized OAuth2 access and ID tokens from the logged-in user's session. These tokens are not intended to be exposed to end users. This issue may be more severe in the presence of an XSS vulnerability in an upstream...

6.5CVSS5.8AI score0.00416EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/02 8:2 p.m.23 views

CVE-2024-39315 Pomerium exposed OAuth2 access and ID tokens in user info endpoint response

Pomerium is an identity and context-aware access proxy. Prior to version 0.26.1, the Pomerium user info page at /.pomerium unintentionally included serialized OAuth2 access and ID tokens from the logged-in user's session. These tokens are not intended to be exposed to end users. This issue may be...

5.7CVSS6AI score0.00416EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/06/27 12:0 a.m.9 views

PT-2024-28365 · Idccms · Idccms

Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery CSRF issue was discovered in the component /admin/info deal.php?mudi=del&dataType=news&dataTypeCN. This issue allows for unauthorized requests to be made. The mudi, dataType, and...

4.7CVSS6.7AI score0.00222EPSS
Exploits1References4
CNVD
CNVD
added 2024/05/11 12:0 a.m.9 views

Linksys E5600 Command Injection Vulnerability

Linksys E5600 is a powerful, compact and reliable WiFi 5 router from Linksys USA. A command injection vulnerability exists in the Linksys E5600 v1.1.0.26, which stems from the failure of the PinCode parameter of the /API/info form endpoint to properly filter constructed command special characters...

8CVSS7.4AI score0.01948EPSS
Exploits1References1
Rows per page
Query Builder