36 matches found
CVE-2025-25709
An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the addUser and updateUser endpoints...
CVE-2025-25709
Technical details beyond the reported description are not publicly available in the provided connected documents. Monitor for updates from the vendor and CVE databases for affected product/version, impact, and fixes.
CVE-2025-25709
An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the addUser and updateUser endpoints...
CVE-2025-25709
An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the addUser and updateUser endpoints...
DTP tNexus Airport View security vulnerability
DTP tNexus Airport View is an application from DTP that helps airport users track and monitor operational information. It is used to track operational updates to enhance airport operations and passenger experience. A security vulnerability exists in DTP tNexus Airport View version 2.8, which stem...
CVE-2024-13197
A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. It has been rated as problematic. This issue affects the function updateUser of the file src/main/Java/org/zdd/bookstore/web/controller/admin/AdminUserControlle.java. The manipulation leads to cross site scripting. The attack may be...
CVE-2024-13197 donglight bookstore电商书城系统说明 AdminUserControlle.java updateUser cross site scripting
A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. It has been rated as problematic. This issue affects the function updateUser of the file src/main/Java/org/zdd/bookstore/web/controller/admin/AdminUserControlle.java. The manipulation leads to cross site scripting. The attack may be...
CVE-2024-13197 donglight bookstore电商书城系统说明 AdminUserControlle.java updateUser cross site scripting
A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. It has been rated as problematic. This issue affects the function updateUser of the file src/main/Java/org/zdd/bookstore/web/controller/admin/AdminUserControlle.java. The manipulation leads to cross site scripting. The attack may be...
filegator authorization issue vulnerability
filegator is a free, open source, self-hosted web application. It is used to manage files and folders. A security vulnerability exists in filegator versions prior to 7.8.0, which stems from the updateUser function not resetting a user's session...
CVE-2006-4956
Cross-site scripting (XSS) vulnerability in the updateuser servlet in Neon WebMail for Java before 5.08 allows remote attackers to inject arbitrary web script or HTML via the in_name parameter, as used by the Name field...
CVE-2006-4956
Neon WebMail for Java before 5.08 has a cross-site scripting (XSS) vulnerability in the updateuser servlet. The in_name parameter used for the Name field can be exploited to inject arbitrary script/HTML when the page is rendered. The flaw is documented under CVE-2006-4956 with consistent vendor r...
CVE-2006-4956
Cross-site scripting (XSS) vulnerability in the updateuser servlet in Neon WebMail for Java before 5.08 allows remote attackers to inject arbitrary web script or HTML via the in_name parameter, as used by the Name field...
NeoSys Neon Webmail for Java 5.06/5.07 - updateuser?in_name Servlet Cross-Site Scripting
NeoSys Neon Webmail for Java 5.06/5.07 - updateuser?in_name Servlet Cross-Site Scripting...
NeoSys Neon Webmail for Java 5.06/5.07 - updateuser?in_id Servlet Arbitrary User Information Modification
NeoSys Neon Webmail for Java 5.06/5.07 - updateuser?in_id Servlet Arbitrary User Information Modification source: https://www.securityfocus.com/bid/20109/info Neon WebMail is prone to multiple input-validation vulnerabilities because it fails to sanitize user-supplied input. These issues include: -...
NeoSys Neon Webmail for Java 5.06/5.07 - 'updateuser?in_name' Servlet Cross-Site Scripting
source: https://www.securityfocus.com/bid/20109/info Neon WebMail is prone to multiple input-validation vulnerabilities because it fails to sanitize user-supplied input. These issues include: - an arbitrary-file-upload vulnerability - an arbitrary-email-manipulation vulnerability - multiple...
CVE-2002-0776
getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the "UpdateUser" hot fix...