13 matches found
CVE-2026-40436 ZTE ZXEDM iEMS product has a password reset vulnerability
The ZTE ZXEDM iEMS product has a password reset vulnerability for any user.Because the management of the cloud EMS portal does not properly control access to the user list acquisition function, attackers can read all user list information through the user list interface. Attackers can reset the...
CVE-2025-64061
Primakon Pi Portal 1.0.18 /api/v2/users endpoint is vulnerable to unauthorized data exposure due to deficient access control mechanisms. Any authenticated user, regardless of their privilege level including standard or low-privileged users, can make a GET request to this endpoint and retrieve a...
EUVD-2020-18707
Malware in sbrugna...
EUVD-2024-42140
Malicious code in bioql PyPI...
EUVD-2023-43929
Malicious code in bioql PyPI...
EUVD-2023-43756
Malicious code in bioql PyPI...
CVE-2023-3064
Anonymous user may get the list of existing users managed by the application, that could ease further attacks see CVE-2023-3065 and 3066This issue affects Mobatime mobile application AMXGT100 through 1.3.20...
ModernWMS 安全漏洞
ModernWMS is an open source simple and complete warehouse management system from fjykTec open source. A security vulnerability exists in ModernWMS version 1.0, which stems from overexposure of /user/list?culture=en-us endpoint information and insufficient access control, which could lead to viewi...
The vulnerability in the web interface of the SINEC INS software for managing network infrastructure stems from a user authentication check error. This allows a malicious individual to obtain information about the list of users of the SFTP service and to alter its configuration.
The vulnerability in the software web interface for managing network infrastructure SINEC INS is related to an authentication check error for requesting the final endpoint "/api/sftp/users". Exploiting this vulnerability could allow a attacker to obtain information about the user list of the SFTP...
Siemens SINEC INS 安全漏洞
Siemens SINEC INS is a software from Siemens, Germany, that provides centralized services for network infrastructures. An unauthorized access vulnerability exists in Siemens SINEC INS, which could be exploited by an attacker to obtain information about the user list of the SFTP service...
CVE-2024-31398
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users...
CVE-2021-20866
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in obtaining the user list which may allow a user to obtain the unauthorized information via unspecified vectors...
An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users.
...