33 matches found
CVE-2024-41659
memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker...
EUVD-2018-20711
Malware in sbrugna...
EUVD-2020-22951
Malware in sbrugna...
EUVD-2019-7981
Malware in sbrugna...
EUVD-2000-1124
Malware in sbrugna...
EUVD-2017-0107
Malware in sbrugna...
EUVD-2007-6364
Malware in sbrugna...
EUVD-2003-1447
Malware in sbrugna...
EUVD-2021-20230
Malware in sbrugna...
EUVD-2022-27156
Malicious code in bioql PyPI...
CVE-2025-46389
CWE-620: Unverified Password Change...
Insecure Password Handling
github.com/filebrowser/filebrowser is vulnerable to Insecure Password Handling. The vulnerability is due to a missing password policy and lack of brute-force protection, which allows an attacker to perform brute-force attacks to retrieve user account passwords...
CVE-2025-26521 Apache CloudStack: CKS cluster in project exposes user API keys
When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the 'kubeadmin' user of the caller account are used to create the secret config in the CKS-based Kubernetes cluster. A member of the project who can access the CKS-based...
CVE-2021-26024
The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account...
CVE-2019-9957
Stored XSS within Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload c...
CVE-2025-2903
An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform GCP using the OS Login feature, can login via SSH gaining command-line control of the operating system. This allows an attacker to gain access to sensitive data stored on the VM, install malicious...
CVE-2024-41778
CVE-2024-41778 affects IBM Controller 11.0.0–11.0.1 and 11.1.0, where default weak password requirements may allow attackers to compromise user accounts. Connected sources corroborate weak password handling across the affected versions. The IBM Security Bulletin lists remediation by upgrading to ...
CVE-2022-22110
In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’...
CVE-2022-26303
An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests to trigge...
CVE-2023-35907
CVE-2023-35907 affects IBM Aspera Faspex versions 5.0.0–5.0.10, where default weak password requirements can allow attacker compromise of user accounts. The cited sources also show remediation: upgrade to Faspex 5.0.11 (IBM) to address the vulnerability. No exploitation details are provided in th...