19 matches found
Incorrect Privilege Assignment
Overview: org.keycloak:keycloak-server-spi-private is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect Privilege Assignment via the Admin API. An attacker can access sensitive user attributes ...
EUVD-2011-4740
Malware in sbrugna...
EUVD-2019-16975
Malware in sbrugna...
EUVD-2018-13184
Malware in sbrugna...
EUVD-2008-6485
Malware in sbrugna...
EUVD-2022-7369
Malicious code in bioql PyPI...
CVE-2022-44071
Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via profile...
CVE-2025-45236
A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...
PT-2025-19751 · Dbsyncer · Dbsyncer
Name of the Vulnerable Software and Affected Versions: DBSyncer version 2.0.6. Description: A stored cross-site scripting (XSS) issue in the Edit Profile feature allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Nickname parameter. Recommendations: For...
CVE-2025-45236
Affected product: DBSyncer v2.0.6. Vulnerability: stored cross-site scripting (XSS) in the Edit Profile feature via the Nickname parameter. Root cause: mishandling of the Nickname field enabling injection of arbitrary web scripts/HTML. Impact: attackers can execute scripts or HTML in the context ...
CVE-2025-45236
A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...
CVE-2022-44071
Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via profile...
CVE-2019-8349
Multiple cross-site scripting (XSS) vulnerabilities in HTMLy 2.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) destination parameter to delete feature; the (2) destination parameter to edit feature; (3) content parameter in the profile feature...
CVE-2018-20633
PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature...
CVE-2018-20644
PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery (CSRF) via the Edit profile feature...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the user profile feature in Atlassian FishEye before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) snippets in a user comment, which is not properly handled in a Confluence page, or (2) the user profile display name,...
CVE-2011-4822
CVE-2011-4822 involves multiple cross-site scripting (XSS) vulnerabilities in the Atlassian FishEye user profile feature prior to version 2.5.5. The issue allows remote attackers to inject arbitrary web script or HTML via two vectors: (1) snippets in a user comment that are not properly sanitized...
CVE-2005-0651
Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1 allow remote attackers to execute arbitrary SQL commands via (1) liste or (2) desc parameters to divers.php (incorrectly referred to as "drivers.php" by some sources), (3) the search feature text area, (4) post name in the post creation feature, (5)...
CVE-2002-1917
CRLF injection vulnerability in the "User Profile: Send Email" feature in Geeklog 1.35 and 1.3.5sr1 allows remote attackers to obtain e-mail addresses by injecting a CRLF into the Subject field and adding a BCC mail header...