Lucene search

18 matches found

RedhatCVE
added 2026/01/09 8:42 a.m., 10 views

CVE-2022-31164

Tovy is a staff management system for Roblox groups. A vulnerability in versions prior to 0.7.51 allows users to log in as other users, including privileged users such as the other of the instance. The problem has been patched in version 0.7.51...

7.5 CVSS, 6.6 AI score, 0.00543 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-52774

Malicious code in bioql PyPI...

7.5 CVSS, 7.6 AI score, 0.00543 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-12778

Malicious code in bioql PyPI...

4.3 CVSS, 6.1 AI score, 0.00278 EPSS
Exploits: 2, References: 1
CNVD
added 2023/07/19 12:0 a.m., 10 views

Unauthorized Access Vulnerability in EduSoho Enterprise Training Open Source Edition

EduSoho Enterprise Training Edition is a learning platform product for enterprise customers, intended for enterprise talent training. It provides platform product...

6.8 AI score
Exploits: 0
OSV
added 2023/05/15 1:15 p.m., 5 views

CVE-2023-0761

The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Staff members, which could allow attackers to make logged in admins delete arbitrary Staff via a CSRF attack...

4.3 CVSS, 6.7 AI score, 0.00278 EPSS
Exploits: 2, References: 1
NVD
added 2023/05/15 1:15 p.m., 12 views

CVE-2023-0761

The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Staff members, which could allow attackers to make logged in admins delete arbitrary Staff via a CSRF attack...

4.3 CVSS, 4.7 AI score, 0.00278 EPSS
Exploits: 2, References: 1
CVE
added 2023/05/15 12:15 p.m., 47 views

CVE-2023-0761

The CVE-2023-0761 entry concerns a CSRF vulnerability in the Clock In Portal – Staff & Attendance Management WordPress plugin (versions

4.3 CVSS, 4.9 AI score, 0.00278 EPSS
Exploits: 2, References: 1, Affected Software: 1
Vulnrichment
added 2023/05/15 12:15 p.m., 11 views

CVE-2023-0762 Clock In Portal <= 2.1 - Designation Deletion via CSRF

The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting designations, which could allow attackers to make logged in admins delete arbitrary designations via a CSRF attack...

7.1 AI score, 0.00278 EPSS
Exploits: 2, References: 1
Prion
added 2022/08/18 8:15 p.m., 10 views

SQL injection

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /staff/delstu.php...

7.5 CVSS, 9.7 AI score, 0.00921 EPSS
Exploits: 1, References: 1, Affected Software: 1
NVD
added 2022/07/22 4:15 a.m., 10 views

CVE-2022-31164

Tovy is a staff management system for Roblox groups. A vulnerability in versions prior to 0.7.51 allows users to log in as other users, including privileged users such as the other of the instance. The problem has been patched in version 0.7.51...

7.5 CVSS, 0.00543 EPSS
Exploits: 0, References: 2
CVE
added 2022/07/21 1:35 p.m., 53 views

CVE-2022-31164

CVE-2022-31164 affects Tovy, a staff management system for Roblox groups. In versions prior to 0.7.51, the authentication/authorization flow allows a user to log in as another user, including privileged accounts, enabling impersonation. The issue is resolved by upgrading to version 0.7.51 or late...

7.5 CVSS, 7.4 AI score, 0.00543 EPSS
Exploits: 0, References: 2, Affected Software: 1
Hacker One
added 2022/02/01 2:42 p.m., 13 views

Shopify: User with no Develop apps permission can Uninstall Custom App

Hi, You know user must have Develop apps permission to Uninstall Develop apps to test this just create staff with Manage and install apps and channels F1601504 send this mutation just change appId by your id...

0.9 AI score
Exploits: 0
CNVD
added 2019/12/13 12:0 a.m., 1 views

File upload vulnerability in high-speed rail wifi system

The high-speed rail WiFi system provides an integrated wireless information application platform, which offers passengers rich information and entertainment applications, as well as a management platform for on-board staff to manage passenger transportation. There is a file uplo...

6.8 AI score
Exploits: 0
exploitpack
added 2018/12/24 12:0 a.m., 17 views

WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin)

WSTMart 2.0.8 - Cross-Site Request Forgery Add Admin Exploit Title: WSTMart 2.0.8 - Cross-Site Request Forgery Add Admin Date: 2018-12-23 Exploit Author: linfeng Vendor Homepage:https://github.com/wstmall/wstmart/ Software Link:http://www.wstmart.net/ Version: WSTMart 2.0.8181212 CVE...

6.8 CVSS, 0.6 AI score, 0.02248 EPSS
Exploits: 5
0day.today
added 2018/12/24 12:0 a.m., 79 views

WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin) Vulnerability

Exploit for php platform in category web applications Exploit Title: WSTMart 2.0.8 - Cross-Site Request Forgery Add Admin Exploit Author: linfeng Vendor Homepage:https://github.com/wstmall/wstmart/ Software Link:http://www.wstmart.net/ Version: WSTMart 2.0.8181212 CVE :CVE-2018-19138 0x02 CSRF Po...

6.8 CVSS, 0.3 AI score, 0.02248 EPSS
Exploits: 5
Carbon Black Blog
added 2018/01/09 2:3 p.m., 41 views

The Second Question(s) Today’s CEOs Should Ask (& Know the Answers To)

In a previous blog, we discussed Commander’s Intent for CEOs and introduced 10 questions CEOs should be asking their teams. In this blog series, I am going to take a deeper dive into each question and break them down one at a time. We will discuss why CEOs should care about each question and the...

6.6 AI score
Exploits: 0
CNVD
added 2016/10/09 12:0 a.m., 3 views

Arbitrary File Upload Vulnerability in Staff Management System of Guangzhou Zhongda Dongri Technical Education Co.

Guangzhou Zhongda Dongri Technology Education Co. Ltd. specializes in the development and sales of educational technology. This product is a faculty management system. An arbitrary file upload vulnerability exists in the Faculty and Staff Management System of Guangzhou CUHK Dongri Technology...

7.2 AI score
Exploits: 0
CNVD
added 2015/05/29 12:0 a.m., 4 views

SQL injection vulnerability in the id parameter in Ticketmaster ERP web-based ticketing system (/Sales/meb_his.aspx?id=)

Ltd. Ticketmaster ERP management system is a special ticket management system for air ticket agents, integrating online booking management, telephone recording screen, corporate travel management, order management in the same industry, membership management, points management, SMS sending, staff...

7.7 AI score
Exploits: 0, References: 1