23 matches found
EUVD-2026-39656
In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details...
CVE-2026-57924
In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details...
CVE-2026-57924
CVE-2026-57924 affects JetBrains YouTrack prior to version 2026.2.16593, where a default role configuration exposed excessive user profile details. The root cause is not fully described beyond this exposure, but the impact implies potential disclosure of user profile information to unauthorized u...
PT-2026-52704
Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description The default role configuration allows for the exposure of excessive user profile details. Recommendations Update to version 2026.2.16593...
CVE-2018-25354
Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users into visiting malicious pages. Attackers can craft HTML forms targeting the account/index endpoint with hidden fields to chan...
CVE-2018-25354 Joomla Component jomres 9.11.2 Cross-Site Request Forgery
Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users into visiting malicious pages. Attackers can craft HTML forms targeting the account/index endpoint with hidden fields to chan...
CVE-2018-25354
Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users into visiting malicious pages. Attackers can craft HTML forms targeting the account/index endpoint with hidden fields to chan...
CVE-2025-6487
creationtimestamp| type| source ---|---|--- 2025-06-22 18:44:32+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/19172 2025-06-22 19:00:58+00:00| published-proof-of-concept| Telegram/nHwRDF2pACkOFCESw7WBf09x7jYFFFCQYf7GTcksxOZY6eE 2025-06-22 19:24:13+00:00| seen|...
CVE-2021-24654
The User Registration WordPress plugin before 2.0.2 does not properly sanitise the userregistrationprofilepicurl value when submitted directly via the userregistrationupdateprofiledetails AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attack...
CVE-2019-9584
eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN service configuration. This is related to improper access control for all /addons/mh/ pages...
CVE-2025-1418
CVE-2025-1418 affects the Proget MDM server (Konsola Proget). A low-privileged user could read information about profiles (which describe allowed/prohibited functions). The issue does not expose sensitive data about devices in the initial description, but it leaks profile metadata. The entry is f...
Citrix Profile Management: Temporary Profile Loading and Profile details not visible in Director
Temporary Profile Loading and Profile details not visible in Director...
CVE-2025-2201
creationtimestamp| type| source ---|---|--- 2025-03-17 10:54:24+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/7753 2025-03-17 13:17:06+00:00| seen| https://t.me/cvedetector/20453 2025-03-17 13:51:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lklcf3z2gi2x 2025-08-13...
CVE-2024-13660
creationtimestamp| type| source ---|---|--- 2025-02-19 08:16:35+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lijdk4lrxn2g 2025-02-19 08:41:11+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/4791 2025-02-19 12:03:19+00:00| seen|...
CVE-2025-23796
creationtimestamp| type| source ---|---|--- 2025-01-16 21:16:44+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv7bt57ho2e...
WordPress plugin WP Delicious 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
CVE-2021-24654
The User Registration WordPress plugin before 2.0.2 does not properly sanitise the userregistrationprofilepicurl value when submitted directly via the userregistrationupdateprofiledetails AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attack...
Improper access control
eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN service configuration. This is related to improper access control for all /addons/mh/ pages...
Qualys Cloud Platform 2.33 New Features
This release of the Qualys Cloud Platform version 2.33 includes the release for CertView, plus updates and new features for AssetView, Cloud Agent, EC2 Connector, Security Assessment Questionnaire, Web Application Scanning, and Web Application Firewall, highlights as follows. This posting has bee...
ownCloud: owncloud.com: Allowed an attacker to force a user to change profile details. (XCSRF)
Allowed an attacker to force a user to change profile details. XCSRF A CSRF attack would not be prevented by this countermeasure because the attacker forges a request through the user's web browser in which a valid session already exists. There is no mitigation of Cross-Site Request Forgery XCSRF...