4 matches found
CVE-2025-31511
An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can bypass manager approval by changing the user ID in a Request%20Building%20Access requestSubmit API call. The vendor has stated that the system is protected by updating to a version equal to or greater than one of the...
PT-2024-25996 · Sunhillo · Sunhillo Sureline
Name of the Vulnerable Software and Affected Versions: Sunhillo SureLine versions through 8.10.0 Description: The issue allows for cgi/usrPasswd.cgi userid change XSS within the Forgot Password feature. This can be exploited through the /cgi/usrPasswd.cgi endpoint, specifically targeting the user...
Huawei EulerOS: Security Advisory for postgresql (EulerOS-SA-2023-3146)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
U.S. Dept Of Defense: Account takeover on ███████ [HtUS]
Hello, I have found an endpoint in ████████ is vulnerable to Account takeover Steps to reproduce: 1. Create 2 accounts Attacker A and vicitm B 2. Log in to all of them and go to https://███████/███████/EditUserProfile with attacker's account 3. Now fill out the password with your password 4. Chan...