21 matches found
EUVD-2026-34995
A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file src\main\java\org\jeecg\modules\system\controller\SysUserController.java of the component User List Endpoint. The manipulation of the argument salt leads to informatio...
CVE-2026-11464
A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file src\main\java\org\jeecg\modules\system\controller\SysUserController.java of the component User List Endpoint. The manipulation of the argument salt leads to informatio...
CVE-2026-11464
A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file src\main\java\org\jeecg\modules\system\controller\SysUserController.java of the component User List Endpoint. The manipulation of the argument salt leads to informatio...
CVE-2026-11464 JeecgBoot User List Endpoint SysUserController.java queryPageList information disclosure
A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file src\main\java\org\jeecg\modules\system\controller\SysUserController.java of the component User List Endpoint. The manipulation of the argument salt leads to informatio...
JeecgBoot access control error vulnerability
JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.2 and earlier contain an access control vulnerability. This vulnerability stems from the function queryPageList in the User List Endpoint component, which process...
CVE-2020-36968
M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for al...
CVE-2025-11580
A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks...
CVE-2025-11580
A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks...
EUVD-2025-33758
A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited...
CVE-2025-11580
PowerJob up to version 5.1.2 contains broken access control in the /user/list function, allowing remote unauthorized access. Multiple sources (NVD, Red Hat, CIRCL, nuclei template, PTSecurity, CNNVD, CVE CVE-2025-11580) describe that the vulnerability enables remote exploitation with public explo...
PowerJob security vulnerability
PowerJob is an open source distributed computing and job scheduling framework from PowerJob Open Source that allows developers to easily schedule tasks in their applications. A security vulnerability exists in PowerJob 5.1.2 and earlier versions, which stems from a lack of authorization checking ...
PT-2025-41581
Name of the Vulnerable Software and Affected Versions: PowerJob versions through 5.1.2 Description: A flaw exists in PowerJob that relates to missing authorization within the function list of the /user/list file. This issue can be exploited remotely. The exploit is publicly available. The vulnerabl...
EUVD-2025-33404
In xckk v9.6, the orderBy parameter in user/list is not securely filtered, resulting in a SQL injection vulnerability...
xckk security vulnerability
xckk small dishes low-code development platform is an open-source low-code development platform by China Cloud Network Software bestfeng. A security vulnerability exists in xckk v9.6, which stems from the orderBy parameter in user/list not being securely filtered, which may lead to SQL injection...
CVE-2025-60265
The CVE-2025-60265 issue affects xckk v9.6 and is caused by insufficient filtering of the orderBy parameter in the /user/list endpoint, enabling SQL injection. The vulnerability is documented across multiple sources (e.g., Red Hat CVE page, EUVD/ENISA entries, and PT-2025-41411) with a described ...
Linux Distros Unpatched Vulnerability : CVE-2018-18248
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline que...
CVE-2025-45617
Incorrect access control in the component /user/list of productionssm v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload...
CVE-2024-57698
An issue in modernwms v.1.0 allows an attacker to view the MD5 hash of the administrator password and other attributes without authentication, even after initial configuration and password change. This happens due to excessive exposure of information and the lack of adequate access control on the...
PT-2024-30171 · Unknown · Kashipara Music Management System
Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0 Description: An Incorrect Access Control vulnerability was found in "/music/index.php?page=user list" and "/music/index.php?page=edit user" in Kashipara Music Management System. This allows a low...
PT-2023-27138 · Sourcecodester · Sourcecodester Simple Online Mens Salon Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Online Mens Salon Management System version 1.0 Description: A vulnerability was found in the system, classified as problematic, affecting some unknown processing of the file "/admin/?page=user/list". The manipulation of...