81 matches found

Tenable Nessus
added 2026/01/15 12:0 a.m. | 3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003406)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003406 advisory. The HMAC implementation crypto/hmac.c in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a loc...

CVSS 7.8 | AI score 6.5 | EPSS 0.00557
Exploits: 0 | References: 24

RedhatCVE
added 2026/01/09 12:0 p.m. | 5 views

CVE-2018-19367

Portainer through 1.19.2 provides an API endpoint /api/users/admin/check to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case...

CVSS 9.8 | AI score 6.9 | EPSS 0.01469
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 10:49 a.m. | 23 views

CVE-2022-37190

CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters action and function from "/api/index.php...

CVSS 8.8 | AI score 7.4 | EPSS 0.45769
Exploits: 1 | References: 1

CNNVD
added 2025/12/30 12:0 a.m. | 3 views

Zeroheight security vulnerability

Zeroheight is a design system management platform from Zeroheight UK. A security vulnerability exists in versions of Zeroheight prior to 2025-06-13, which stems from a legacy user creation API that allows bypassing the email validation step to create an account, potentially leading to spam or fak...

CVSS 6.5 | AI score 5.8 | EPSS 0.00214
Exploits: 0 | References: 2

RedhatCVE
added 2025/12/14 12:2 p.m. | 6 views

CVE-2025-41079

A flaw was found in Seafile. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with PUT parameter 'name' in '/api/v2.1/user/'. Mitigation: Mitigation for this issue is either not available or the currently available options do not...

CVSS 6.1 | AI score 7 | EPSS 0.00161
Exploits: 0 | References: 4

Cvelist
added 2025/12/04 11:48 a.m. | 19 views

CVE-2025-41079 Multiple vulnerabilities in Seafile

A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with PUT parameter 'name' in '/api/v2.1/user/'...

CVSS 5.1 | EPSS 0.00161
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/04 11:48 a.m. | 2 views

CVE-2025-41079 Multiple vulnerabilities in Seafile

A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with PUT parameter 'name' in '/api/v2.1/user/'...

CVSS 5.1 | AI score 6 | EPSS 0.00161
Exploits: 0 | References: 1

CVE
added 2025/12/04 11:48 a.m. | 13 views

CVE-2025-41079

CVE-2025-41079 affects Seafile v12.0.10 and is a stored XSS vulnerability triggered by storing malicious payloads via the PUT /api/v2.1/user/ endpoint using the name parameter. The issue enables browser-side code execution when a victim loads affected content. Public details consistently referenc...

CVSS 6.1 | AI score 6 | EPSS 0.00161
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2025/11/24 12:0 a.m. | 2 views

Magewell Ultra Encode security vulnerability

Magewell Ultra Encode is a video encoder from the Chinese company Magewell. A security vulnerability exists in Magewell Ultra Encode version 1.2.213, which originates from a cross-site request forgery in the /mwapi?method=add-user component...

CVSS 5.7 | AI score 6.7 | EPSS 0.00131
Exploits: 1 | References: 3

CVE
added 2025/11/11 1:43 p.m. | 8 views

CVE-2025-11862

CVE-2025-11862: Verve Asset Manager has an access-control vulnerability enabling unauthorized read-only users to read, update, and delete users via the API. Affects the Verve Asset Manager API endpoints (and is described as a user data manipulation issue with API exposure). The CVSS 4.0 base sco...

CVSS 8.4 | AI score 6.3 | EPSS 0.00308
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/28 4:54 p.m. | 3 views

CVE-2025-12297

A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used...

CVSS 5.3 | AI score 6.4 | EPSS 0.00299
Exploits: 1 | References: 1

NVD
added 2025/10/27 5:15 p.m. | 3 views

CVE-2025-12297

A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used...

CVSS 5.3 | EPSS 0.00299
Exploits: 1 | References: 4

OSV
added 2025/10/27 5:15 p.m. | 3 views

CVE-2025-12297

A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used...

CVSS 5.3 | AI score 4.6
Exploits: 0 | References: 4

Cvelist
added 2025/10/27 4:32 p.m. | 9 views

CVE-2025-12297 atjiu pybbs UserApiController.java information disclosure

A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used...

CVSS 5.3 | EPSS 0.00299
Exploits: 1 | References: 4

Vulnrichment
added 2025/10/27 4:32 p.m. | 2 views

CVE-2025-12297 atjiu pybbs UserApiController.java information disclosure

A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used...

CVSS 5.3 | AI score 4.6 | EPSS 0.00299
Exploits: 1 | References: 4

CVE
added 2025/10/27 4:32 p.m. | 10 views

CVE-2025-12297

CVE-2025-12297 affects atjiu pybbs up to v6.0.0, involving an unknown function in UserApiController.java. The manipulation causes information disclosure and can be exploited remotely; the exploit is publicly available (PoC in some sources). Multiple connected sources corroborate the surface and i...

CVSS 5.3 | AI score 4.7 | EPSS 0.00299
Exploits: 1 | References: 4 | Affected Software: 1

CNNVD
added 2025/10/27 12:0 a.m. | 3 views

pybbs access control error vulnerability

pybbs is a community platform for Java development by iuiu individual developers. An access control error vulnerability exists in pybbs version 6.0.0 and earlier, which stems from the misuse of an unknown function in the file UserApiController.java, which could lead to information disclosure...

CVSS 5.3 | AI score 4.6 | EPSS 0.00299
Exploits: 1 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-2063

Malware in sbrugna...

CVSS 5.3 | AI score 5.3 | EPSS 0.00861
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-9492

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.01883
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 20 views

EUVD-2022-53216

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.00918
Exploits: 1 | References: 3