17 matches found
PT-2026-45802
NamelessMC is website software for Minecraft servers. In version 2.2.4,core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. modules/Core/queries/reactions.php allows unauthenticated GET requests for...
GHSA-G78X-7VWX-9F58 Keycloak Admin API allows an administrator with limited privileges to retrieve sensitive custom attributes
A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited privileges to retrieve sensitive custom attributes via the /unmanagedAttributes endpoint, bypassing User Profile visibility settings...
CVE-2025-13881
A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited privileges to retrieve sensitive custom attributes via the /unmanagedAttributes endpoint, bypassing User Profile visibility settings...
CVE-2025-13881
A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited privileges to retrieve sensitive custom attributes via the /unmanagedAttributes endpoint, bypassing User Profile visibility settings...
CVE-2025-13881
The CVE-2025-13881 entry describes a vulnerability in the Keycloak Admin API where an administrator with limited privileges can retrieve sensitive custom attributes via the /unmanagedAttributes endpoint, bypassing User Profile visibility settings. Affected software is Keycloak Admin API (details ...
CVE-2025-13881 Org.keycloak.services.resources.admin: keycloak: limited administrator can retrieve sensitive user attributes via admin api
A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited privileges to retrieve sensitive custom attributes via the /unmanagedAttributes endpoint, bypassing User Profile visibility settings...
EUVD-2025-206603
A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited privileges to retrieve sensitive custom attributes via the /unmanagedAttributes endpoint, bypassing User Profile visibility settings...
EUVD-2014-1360
Malware in sbrugna...
CVE-2024-56339
creationtimestamp| type| source ---|---|--- 2025-07-17 13:20:05+00:00| seen| https://bsky.app/profile/knaepp.bsky.social/post/3lu5zj3fenn2b 2025-07-17 13:30:04+00:00| seen| https://bsky.app/profile/knaepp.bsky.social/post/3lu622welul2m 2025-07-17 14:10:03+00:00| seen|...
CVE-2025-53094
creationtimestamp| type| source ---|---|--- 2025-06-27 20:25:01+00:00| seen| https://bsky.app/profile/potato.software/post/3lsmhwirigj2p 2025-06-27 20:39:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lsmiqcpzd325 2025-06-27 20:52:27+00:00| published-proof-of-concept|...
CVE-2023-5612
An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled...
Information Exposure
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Information Exposure due to improper handling of user profile visibility settings in gradebook reports. Remediation Upgrade moodle/moodle to version 4.4.2, 4.3.6, 4.2.9, 4.1.12 or higher. References...
UBUNTU-CVE-2023-5612
An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled...
PT-2024-1472 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 16.6.6 GitLab versions 16.7 prior to 16.7.4 GitLab versions 16.8 prior to 16.8.1 Description: An issue has been discovered in GitLab that allows reading the user email address via tags feed, even though the visibility...
UBUNTU-CVE-2021-32477
The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability site administrators by default. Moodle versions 3.10 to 3.10.3 are affected...
Nextcloud: Anonymous file drop page ignores user profile visibility restrictions
User profile on Nextcloud server by url like https:///index.php/settings/user includes personal information: photo, name, email address. For each listed fields user can select the visibility settings: local, contacts, public. It is expected that these settings will work in all places of the...
Design/Logic Flaw
The Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass intended configuration-profile visibility requirements via a long name...