Lucene search
K

13 matches found

Vulnrichment
Vulnrichment
added 2026/04/13 6:31 a.m.2 views

CVE-2026-40436 ZTE ZXEDM iEMS product has a password reset vulnerability

The ZTE ZXEDM iEMS product has a password reset vulnerability for any user.Because the management of the cloud EMS portal does not properly control access to the user list acquisition function, attackers can read all user list information through the user list interface. Attackers can reset the...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
OSV
OSV
added 2025/11/25 5:15 p.m.3 views

CVE-2025-64061

Primakon Pi Portal 1.0.18 /api/v2/users endpoint is vulnerable to unauthorized data exposure due to deficient access control mechanisms. Any authenticated user, regardless of their privilege level including standard or low-privileged users, can make a GET request to this endpoint and retrieve a...

4.3CVSS5.8AI score0.0019EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-18707

Malware in sbrugna...

5CVSS5AI score0.00747EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.13 views

EUVD-2024-42140

Malicious code in bioql PyPI...

6.3CVSS7.3AI score0.00262EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-43929

Malicious code in bioql PyPI...

4.3CVSS5.7AI score0.00391EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-43756

Malicious code in bioql PyPI...

7.5CVSS6.7AI score0.00598EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:18 a.m.4 views

CVE-2023-3064

Anonymous user may get the list of existing users managed by the application, that could ease further attacks see CVE-2023-3065 and 3066This issue affects Mobatime mobile application AMXGT100 through 1.3.20...

9.1CVSS6.9AI score0.00783EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/04/29 12:0 a.m.4 views

ModernWMS 安全漏洞

ModernWMS is an open source simple and complete warehouse management system from fjykTec open source. A security vulnerability exists in ModernWMS version 1.0, which stems from overexposure of /user/list?culture=en-us endpoint information and insufficient access control, which could lead to viewi...

7.5CVSS6.3AI score0.00344EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2024/11/26 12:0 a.m.7 views

The vulnerability in the web interface of the SINEC INS software for managing network infrastructure stems from a user authentication check error. This allows a malicious individual to obtain information about the list of users of the SFTP service and to alter its configuration.

The vulnerability in the software web interface for managing network infrastructure SINEC INS is related to an authentication check error for requesting the final endpoint "/api/sftp/users". Exploiting this vulnerability could allow a attacker to obtain information about the user list of the SFTP...

6.5CVSS7.4AI score0.00262EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/12 12:0 a.m.5 views

Siemens SINEC INS 安全漏洞

Siemens SINEC INS is a software from Siemens, Germany, that provides centralized services for network infrastructures. An unauthorized access vulnerability exists in Siemens SINEC INS, which could be exploited by an attacker to obtain information about the user list of the SFTP service...

6.3CVSS6.4AI score0.00262EPSS
Exploits0References2
OSV
OSV
added 2024/06/11 6:15 a.m.1 views

CVE-2024-31398

Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users...

4.3CVSS5.8AI score0.00317EPSS
Exploits0References2
OSV
OSV
added 2021/12/13 7:15 a.m.1 views

CVE-2021-20866

Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in obtaining the user list which may allow a user to obtain the unauthorized information via unspecified vectors...

6.5CVSS5.8AI score0.01662EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2020/09/25 7:0 a.m.5 views

An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users.

...

5.3CVSS7AI score0.03988EPSS
Exploits2
Rows per page
Query Builder