Lucene search
K

20 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:59 a.m.7 views

CVE-2020-7210

Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts...

4.3CVSS6.9AI score0.01036EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/06/25 12:53 a.m.5 views

CVE-2023-47294

An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie...

8.1CVSS6.8AI score0.00284EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/06/23 12:0 a.m.5 views

CVE-2023-47294

An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie...

6.8AI score0.00284EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 3:30 a.m.11 views

CVE-2023-26987

An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request...

6.5CVSS7.1AI score0.0108EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:46 p.m.5 views

CVE-2021-39394

mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery CSRF which allows attackers to arbitrarily add user accounts and modify user information...

6.5CVSS7.5AI score0.00287EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:39 p.m.9 views

CVE-2020-35128

Mautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an externally crafted JavaScript file, an attacker could eventually perform actions as the target use...

9CVSS6.4AI score0.01654EPSS
Exploits1
NVD
NVD
added 2024/08/01 9:15 p.m.19 views

CVE-2024-41259

Use of insecure hashing algorithm in the Gravatar's service in Navidrome v0.52.3 allows attackers to manipulate a user's account information...

9.1CVSS0.00428EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/01 12:0 a.m.26 views

CVE-2024-41259

Use of insecure hashing algorithm in the Gravatar's service in Navidrome v0.52.3 allows attackers to manipulate a user's account information...

0.00428EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/01 12:0 a.m.9 views

CVE-2024-41259

Use of insecure hashing algorithm in the Gravatar's service in Navidrome v0.52.3 allows attackers to manipulate a user's account information...

6.8AI score0.00428EPSS
Exploits0References1
Hacker One
Hacker One
added 2024/02/27 5:12 p.m.4 views

Mars: Upload profile photo and Pets addition - IDOR

The Insecure Direct Object Reference IDOR vulnerability was discovered on the website ██████████. The vulnerability allowed for the manipulation of user accounts by unauthorized users through the profile photo upload feature and the pet addition system. Specific parameters in the requests could b...

7AI score
Exploits0
Vulnrichment
Vulnrichment
added 2023/05/01 12:0 a.m.11 views

CVE-2023-26987

An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request...

6.6AI score0.0108EPSS
Exploits1References3
Code423n4
Code423n4
added 2023/01/20 12:0 a.m.7 views

early user can call issue() and then melt() to increase basketsNeeded to supply ratio to its maximum value and then melt() won't work and contract contract features like issue() won't work

Lines of code Vulnerability details Impact Function melt melt a quantity of RToken from the caller's account, increasing the basket rate. basket rate should be between 1e9 and 1e27 and function requireValidBUExchangeRate checks that if it's not in interval the the code would revert. the call to...

6.8AI score
Exploits0
Debian CVE
Debian CVE
added 2022/01/22 12:0 a.m.24 views

CVE-2022-23807

An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances...

4.3CVSS4.9AI score0.00738EPSS
Exploits0
OSV
OSV
added 2020/01/23 1:15 p.m.14 views

CVE-2020-7210

Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts...

4.3CVSS6.8AI score0.01036EPSS
Exploits2References5
CVE
CVE
added 2016/12/16 9:2 a.m.299 views

CVE-2016-9838

Affected software: Joomla! prior to 3.6.5. Vulnerable component: components/com_users/models/registration.php, where registration form data stored in the session is incorrectly filtered on validation error. Root cause: improper filtering/validation allows an attacker to access a registered user’s...

7.5CVSS8.4AI score0.14099EPSS
Exploits6References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/07/21 12:0 a.m.30 views

Moodle 2.0.x < 2.0.8 / 2.1.x < 2.1.5 / 2.2.x < 2.2.2 Multiple Vulnerabilities

Binary data 9401.prm...

8.2CVSS5.8AI score0.02286EPSS
Exploits0References12
Zero Day Initiative
Zero Day Initiative
added 2015/09/23 12:0 a.m.44 views

Kaseya Virtual System Administrator Remote Privilege Escalation Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Kaseya Virtual System Administrator. Authentication is not required to exploit this vulnerability. The specific flaw exists within the forwarding service's handing of the setAccount.aspx page, whic...

7.5CVSS9.4AI score0.82102EPSS
Exploits13References1
OpenVAS
OpenVAS
added 2012/08/30 12:0 a.m.24 views

Fedora Update for accountsservice FEDORA-2012-10120

Check for the Version of accountsservice OpenVAS Vulnerability Test Fedora Update for accountsservice FEDORA-2012-10120 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...

1.9CVSS0.1AI score0.00364EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2010/03/24 12:0 a.m.24 views

Serv-U < 9.4.0.0

According to its banner, the installed version of Serv-U is earlier than 9.4.0.0, and is, therefore, potentially affected by the following issues : - When importing users, restricted administrators could create user accounts outside their home directory. - When exporting users, restricted...

5.5AI score
Exploits0References1
exploitpack
exploitpack
added 2003/03/22 12:0 a.m.16 views

PHP-Nuke 5.66.x News Module - article.php SQL Injection

PHP-Nuke 5.66.x News Module - article.php SQL Injection source: https://www.securityfocus.com/bid/7172/info It has been reported that an input validation error exists in the article.php file included with PHPNuke as part of the News module. Because of this, an attacker could send a malicious stri...

0.3AI score
Exploits0
Rows per page
Query Builder