172 matches found
CVE-2026-3568
CVE-2026-3568 affects the WordPress MStore API plugin up to version 4.18.3. The root cause is in update_user_profile() processing the raw JSON field 'meta_data' without validation, allowlisting, or sanitization, and then applying arbitrary keys/values to update_user_meta() after cookie-based auth...
CVE-2025-70997
A vulnerability has been discovered in eladmin v2.7 and before. This vulnerability allows for an arbitrary user password reset under any user permission level...
CVE-2025-70997
A vulnerability has been discovered in eladmin v2.7 and before. This vulnerability allows for an arbitrary user password reset under any user permission level...
CVE-2020-7911
In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS...
CVE-2023-29004
hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A Path Traversal vulnerability was found in the current version of Roxy-WI 6.3.9.0 at the moment of writing this report. The vulnerability can be exploited via an HTTP request to /app/options.py and the...
CVE-2022-23001
When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user's assistance can exploit this vulnerability with only knowledge of the public key and the library. The resulting...
CVE-2025-58386
In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user management function is not subject to proper server-side authorization checks. A Power User can intercept and modify this parameter to assign the Administrator role to other existing lower-privileged accounts, or invite a new...
DRUPAL-CONTRIB-2025-121
This module enables you to use the Tagify library to enhance text input fields with tag-style UI elements. The module does not sufficiently sanitize the infoLabel value under certain configurations, which can result in a cross-site scripting XSS vulnerability. This vulnerability is mitigated by t...
CVE-2025-58386
In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user management function is not subject to proper server-side authorization checks. A Power User can intercept and modify this parameter to assign the Administrator role to other existing lower-privileged accounts, or invite a new...
PT-2025-48739
Name of the Vulnerable Software and Affected Versions Terminalfour versions 8 through 8.4.1.1 Description The userLevel parameter within the user management function lacks sufficient server-side authorization checks. A Power User can manipulate this parameter to assign the Administrator role to...
CVE-2025-47357
Information Disclosure when a user-level driver performs QFPROM read or write operations on Fuse regions...
CVE-2025-47357
Information Disclosure when a user-level driver performs QFPROM read or write operations on Fuse regions...
CVE-2025-47357 Missing Authentication for Critical Function in SMSS
Information Disclosure when a user-level driver performs QFPROM read or write operations on Fuse regions...
CVE-2025-47357 Missing Authentication for Critical Function in SMSS
Information Disclosure when a user-level driver performs QFPROM read or write operations on Fuse regions...
Qualcomm Chipsets 访问控制错误漏洞
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. An access control error vulnerability exists in Qualcomm Chipsets that originates when a user-level driver performs a QFPROM read or write operation, which could result in information disclosure...
PT-2025-44926
Name of the Vulnerable Software and Affected Versions versions prior to November 4, 2025 Description An information disclosure issue exists when a user-level driver performs QFPROM read or write operations on Fuse regions. The issue involves missing authentication for a critical function in SMSS...
EUVD-2021-24413
Malware in sbrugna...
EUVD-2018-8820
Malware in sbrugna...
EUVD-2020-3851
Malware in sbrugna...
EUVD-2018-1185
Malware in sbrugna...