Lucene search
K

23 matches found

EUVD
EUVD
added 2026/06/26 3:32 p.m.6 views

EUVD-2026-39656

In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details...

4.3CVSS5.8AI score0.00167EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 2:17 p.m.7 views

CVE-2026-57924

In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details...

5.3CVSS0.00167EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 12:38 p.m.19 views

CVE-2026-57924

CVE-2026-57924 affects JetBrains YouTrack prior to version 2026.2.16593, where a default role configuration exposed excessive user profile details. The root cause is not fully described beyond this exposure, but the impact implies potential disclosure of user profile information to unauthorized u...

5.3CVSS5.8AI score0.00167EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52704

Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description The default role configuration allows for the exposure of excessive user profile details. Recommendations Update to version 2026.2.16593...

5.3CVSS5.8AI score0.00167EPSS
Exploits0References5
NVD
NVD
added 2026/05/23 7:16 p.m.12 views

CVE-2018-25354

Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users into visiting malicious pages. Attackers can craft HTML forms targeting the account/index endpoint with hidden fields to chan...

5.3CVSS0.00132EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/23 6:30 p.m.8 views

CVE-2018-25354 Joomla Component jomres 9.11.2 Cross-Site Request Forgery

Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users into visiting malicious pages. Attackers can craft HTML forms targeting the account/index endpoint with hidden fields to chan...

5.3CVSS5.7AI score0.00132EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/23 6:30 p.m.12 views

CVE-2018-25354

Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users into visiting malicious pages. Attackers can craft HTML forms targeting the account/index endpoint with hidden fields to chan...

5.3CVSS5.7AI score0.00132EPSS
Exploits0References4Affected Software1
Circl
Circl
added 2025/06/22 6:44 p.m.7 views

CVE-2025-6487

creationtimestamp| type| source ---|---|--- 2025-06-22 18:44:32+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/19172 2025-06-22 19:00:58+00:00| published-proof-of-concept| Telegram/nHwRDF2pACkOFCESw7WBf09x7jYFFFCQYf7GTcksxOZY6eE 2025-06-22 19:24:13+00:00| seen|...

9CVSS7.6AI score0.00759EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/22 8:31 p.m.6 views

CVE-2021-24654

The User Registration WordPress plugin before 2.0.2 does not properly sanitise the userregistrationprofilepicurl value when submitted directly via the userregistrationupdateprofiledetails AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attack...

5.4CVSS6AI score0.006EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:57 a.m.10 views

CVE-2019-9584

eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN service configuration. This is related to improper access control for all /addons/mh/ pages...

9.8CVSS6.9AI score0.02711EPSS
Exploits1References1
CVE
CVE
added 2025/05/21 1:3 p.m.52 views

CVE-2025-1418

CVE-2025-1418 affects the Proget MDM server (Konsola Proget). A low-privileged user could read information about profiles (which describe allowed/prohibited functions). The issue does not expose sensitive data about devices in the initial description, but it leaks profile metadata. The entry is f...

5.1CVSS6.2AI score0.00162EPSS
Exploits0References2
Citrix
Citrix
added 2025/05/08 12:0 a.m.10 views

Citrix Profile Management: Temporary Profile Loading and Profile details not visible in Director

Temporary Profile Loading and Profile details not visible in Director...

7.1AI score
Exploits0
Circl
Circl
added 2025/03/17 10:54 a.m.5 views

CVE-2025-2201

creationtimestamp| type| source ---|---|--- 2025-03-17 10:54:24+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/7753 2025-03-17 13:17:06+00:00| seen| https://t.me/cvedetector/20453 2025-03-17 13:51:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lklcf3z2gi2x 2025-08-13...

6.9CVSS5.8AI score0.00337EPSS
Exploits0References3
Circl
Circl
added 2025/02/19 8:16 a.m.5 views

CVE-2024-13660

creationtimestamp| type| source ---|---|--- 2025-02-19 08:16:35+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lijdk4lrxn2g 2025-02-19 08:41:11+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/4791 2025-02-19 12:03:19+00:00| seen|...

6.4CVSS8.7AI score0.00385EPSS
Exploits0References3
Circl
Circl
added 2025/01/16 9:16 p.m.5 views

CVE-2025-23796

creationtimestamp| type| source ---|---|--- 2025-01-16 21:16:44+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv7bt57ho2e...

6.5CVSS6.9AI score0.00354EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/09/11 12:0 a.m.4 views

WordPress plugin WP Delicious 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

8.1CVSS6.8AI score0.00753EPSS
Exploits0References5
OSV
OSV
added 2021/10/04 12:15 p.m.3 views

CVE-2021-24654

The User Registration WordPress plugin before 2.0.2 does not properly sanitise the userregistrationprofilepicurl value when submitted directly via the userregistrationupdateprofiledetails AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attack...

5.4CVSS5.8AI score0.006EPSS
Exploits3References1
Prion
Prion
added 2019/08/14 9:15 p.m.19 views

Improper access control

eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN service configuration. This is related to improper access control for all /addons/mh/ pages...

7.5CVSS9.2AI score0.02711EPSS
Exploits1References2Affected Software2
Qualys Blog
Qualys Blog
added 2018/05/29 7:10 p.m.48 views

Qualys Cloud Platform 2.33 New Features

This release of the Qualys Cloud Platform version 2.33 includes the release for CertView, plus updates and new features for AssetView, Cloud Agent, EC2 Connector, Security Assessment Questionnaire, Web Application Scanning, and Web Application Firewall, highlights as follows. This posting has bee...

0.1AI score
Exploits0
Hacker One
Hacker One
added 2015/08/18 7:46 p.m.21 views

ownCloud: owncloud.com: Allowed an attacker to force a user to change profile details. (XCSRF)

Allowed an attacker to force a user to change profile details. XCSRF A CSRF attack would not be prevented by this countermeasure because the attacker forges a request through the user's web browser in which a valid session already exists. There is no mitigation of Cross-Site Request Forgery XCSRF...

Exploits0
Rows per page
Query Builder