Lucene search
K

11 matches found

CVE
CVE
added 2026/06/12 6:35 p.m.19 views

CVE-2026-53725

Parse Server up to version 9.9.1-alpha.5 contains a vulnerability in MFA handling: when _User get is denied by Class-Level Permissions, the /login and /verifyPassword endpoints may bypass CLP/protectedFields sanitization and return raw database rows, exposing MFA data (MFA TOTP secrets and recove...

5.9CVSS5.3AI score0.00251EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.3 views

CVE-2026-4190

A vulnerability was detected in JawherKl node-api-postgres up to 2.5. This impacts the function User.getAll of the file models/user.js. The manipulation of the argument sort results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. The vendor was...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/15 7:32 p.m.38 views

CVE-2026-4190 JawherKl node-api-postgres user.js User.getAll sql injection

A vulnerability was detected in JawherKl node-api-postgres up to 2.5. This impacts the function User.getAll of the file models/user.js. The manipulation of the argument sort results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. The vendor was...

7.5CVSS0.00259EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/15 7:32 p.m.4 views

CVE-2026-4190

A vulnerability was detected in JawherKl node-api-postgres up to 2.5. This impacts the function User.getAll of the file models/user.js. The manipulation of the argument sort results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. The vendor was...

7.5CVSS5.7AI score0.00259EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/03/15 7:32 p.m.15 views

CVE-2026-4190

JawherKl node-api-postgres (up to 2.5) is affected by a SQL injection in User.getAll (models/user.js) caused by unsafely manipulated sort argument. The vulnerability allows remote execution, and public exploit code is available. Vendor was contacted but no response. No remediation details are pro...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/01/28 6:16 p.m.4 views

CVE-2020-36968

M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for al...

7.1CVSS5.9AI score0.0042EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/10/03 11:28 a.m.16 views

CVE-2025-27236 User information disclosure via api_jsonrpc.php on method user.get with param search

A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to...

2.1CVSS0.0035EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/02 6:12 a.m.28 views

CVE-2024-42325 Excessive information returned by user.get

Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc...

2.1CVSS0.0033EPSS
Exploits0References1
NVD
NVD
added 2024/09/04 4:15 p.m.28 views

CVE-2024-44808

An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via the user GET parameter...

9.8CVSS0.00857EPSS
Exploits0References2
NVD
NVD
added 2022/12/08 5:15 p.m.16 views

CVE-2022-38599

Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 was discovered to contain an information leak via the /user/get-role-list web interface...

6.5CVSS0.00782EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/12/08 12:0 a.m.5 views

PT-2022-24474

Name of the Vulnerable Software and Affected Versions Teleport versions 3.2.2 through 3.6.3-b2 Description The issue is an information leak via the "/user/get-role-list" web interface. This leak was discovered in the specified versions of Teleport. There is no information provided about the...

6.5CVSS6.5AI score0.00782EPSS
Exploits1References8
Rows per page
Query Builder