
16 matches found

EUVD
added 2026/06/18 4:13 p.m. | 11 views

EUVD-2026-37912

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS expose sensitive account information through the 'update-profile/' API endpoint. A remote, unauthenticated attacker can submit a reque...

CVSS 6.9 | AI score 5.3 | EPSS 0.003
Exploits: 0 | References: 4
CVE
added 2026/06/18 4:13 p.m. | 22 views

CVE-2026-54105

The CVE concerns CVE-2026-54105 affecting the GAO EPDS and CBCA EDS systems. The vulnerability arises from the update-profile/ API endpoint, where a remote, unauthenticated attacker can supply an arbitrary user_id and receive a JSON response containing account-specific information, including the ...

CVSS 6.9 | AI score 5.3 | EPSS 0.003
Exploits: 0 | References: 4
ATTACKERKB
added 2026/06/18 4:13 p.m. | 6 views

CVE-2026-54105

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS expose sensitive account information through the 'update-profile/' API endpoint. A remote, unauthenticated attacker can submit a reque...

CVSS 6.9 | AI score 5.4 | EPSS 0.003
Exploits: 0 | References: 5
Cvelist
added 2026/06/18 4:12 p.m. | 34 views

CVE-2026-54103 U.S. GAO EPDS and CBCA EDS unauthenticated password change

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could chang...

CVSS 9.8 | EPSS 0.00427
Exploits: 0 | References: 4
EUVD
added 2026/06/18 4:12 p.m. | 10 views

EUVD-2026-37910

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could chang...

CVSS 9.8 | AI score 5.4 | EPSS 0.00427
Exploits: 0 | References: 4
CVE
added 2026/06/18 4:12 p.m. | 24 views

CVE-2026-54103

CVE-2026-54103 affects GAO EPDS and CBCA EDS, where the /update-profile/N endpoint does not require authentication for password changes. The vulnerability allows a remote attacker to change an arbitrary user's password without credentials. This result is supported by the CVSS data indicating high...

CVSS 9.8 | AI score 5.4 | EPSS 0.00427
Exploits: 0 | References: 4
ATTACKERKB
added 2026/06/18 4:12 p.m. | 6 views

CVE-2026-54103

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could chang...

CVSS 9.8 | AI score 5.5 | EPSS 0.00427
Exploits: 0 | References: 5
Positive Technologies
added 2026/06/18 12:00 a.m. | 18 views

PT-2026-50705

Name of the Vulnerable Software and Affected Versions: U.S. GAO Electronic Protest Docketing System EPDS (affected versions not specified); U.S. CBCA Electronic Docketing System EDS (affected versions not specified). Description: The U.S. Government Accountability Office GAO Electronic Protest Docketing...

CVSS 6.9 | AI score 5.9 | EPSS 0.003
Exploits: 0 | References: 8
VulnCheck KEV
added 2026/01/21 12:00 a.m. | 12 views

VulnCheck KEV: CVE-2025-51683

A blind SQL Injection SQLi vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/updateprofileServer endpoint...

CVSS 9.8 | AI score 6.2 | EPSS 0.00424
In the wild | Exploits: 1 | References: 2
RedhatCVE
added 2026/01/09 9:16 a.m. | 11 views

CVE-2025-40992

Stored XSS vulnerability in Creativeitem Sociopro due to lack of proper validation of user inputs via the endpoint '/sociopro/profile/updateprofile', affecting the 'name' parameter via POST. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and...

CVSS 5.1 | AI score 5.9 | EPSS 0.00333
Exploits: 0 | References: 1
EUVD
added 2025/12/01 9:30 p.m. | 5 views

EUVD-2025-200092

A blind SQL Injection SQLi vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/updateprofileServer endpoint...

AI score 7.7 | EPSS 0.00424
Exploits: 2 | References: 3
OSV
added 2025/12/01 8:15 p.m. | 4 views

CVE-2025-51683

A blind SQL Injection SQLi vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/updateprofileServer endpoint...

CVSS 9.8 | AI score 6.1 | EPSS 0.00424
Exploits: 2 | References: 2
CVE
added 2025/12/01 12:00 a.m. | 16 views

CVE-2025-51683

CVE-2025-51683: mJobtime v15.7.2 contains a blind SQL injection in the /Default.aspx/update_profile_Server endpoint. Exploitation is unauthenticated and can lead to arbitrary SQL execution, with high impact on confidentiality, integrity, and availability. The description and sources confirm the v...

CVSS 9.8 | AI score 8 | EPSS 0.00424
In the wild | Exploits: 1 | References: 1 | Affected software: 1
NVD
added 2025/10/02 11:15 a.m. | 6 views

CVE-2025-40992

Stored XSS vulnerability in Creativeitem Sociopro due to lack of proper validation of user inputs via the endpoint '/sociopro/profile/updateprofile', affecting the 'name' parameter via POST. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and...

CVSS 5.1 | EPSS 0.00333
Exploits: 0 | References: 1
CVE
added 2025/10/02 10:50 a.m. | 9 views

CVE-2025-40992

CVE-2025-40992 is a Stored XSS vulnerability in Creativeitem Sociopro, affecting the /sociopro/profile/update_profile endpoint where the POSTed name parameter is insufficiently validated. Attackers could inject script that may be executed in an authenticated user's context, with potential cookie/...

CVSS 5.1 | AI score 5.6 | EPSS 0.00333
Exploits: 0 | References: 1
CNNVD
added 2024/10/25 12:00 a.m. | 3 views

OvalEdge security vulnerability

OvalEdge is a solution from US-based OvalEdge that helps users create, manage and use data from a variety of sources through AI and human intelligence. A security vulnerability exists in OvalEdge version 5.2.8.0 and earlier, which stems from a POST request to /profile/updateProfile via the userId...

CVSS 9.8 | AI score 6.8 | EPSS 0.00292
Exploits: 1 | References: 1