12 matches found
CVE-2026-3007
Successful exploitation of the stored cross-site scripting XSS vulnerability could allow an attacker to execute arbitrary JavaScript on any user account that has access to Koollab LMS’ courselet feature...
EUVD-2014-1425
Malware in sbrugna...
EUVD-2002-2362
Malware in sbrugna...
EUVD-2005-2509
Malware in sbrugna...
EUVD-2025-10885
Malicious code in bioql PyPI...
CVE-2023-6824
The WP Customer Area WordPress plugin before 8.2.1 does not properly validates user capabilities in some of its AJAX actions, allowing any users to retrieve other user's account address...
The vulnerability of the PowerScale OneFS operating system, related to deficiencies in authentication procedures, allows a perpetrator to gain access to user accounts.
The vulnerability of the PowerScale OneFS operating system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain access to the user account...
YARD's default template vulnerable to Cross-site Scripting in generated frames.html
Summary The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting XSS attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. Details The vulnerability stems from mishandling...
CVE-2023-37503
HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts...
The vulnerability of the ioAdmin tool, related to the storage of confidential information in unencrypted form, allows a perpetrator to gain access to user accounts.
The vulnerability of the ioAdmin tool is related to the storage of confidential information in an unencrypted form. Exploiting this vulnerability can allow a perpetrator to gain access to user accounts...
CVE-2010-3273
ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult...
CVE-2011-0910
The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks...