31 matches found
CVE-2025-41077
CVE-2025-41077 affects Viafirma Inbox v4.5.13 with an Insecure Direct Object Reference (IDOR) flaw. The vulnerability allows any authenticated, unprivileged user to list all users, access and modify their data (including emails) and then use password recovery to impersonate other users, potential...
CVE-2022-31478
The UserTakeOver plugin before 4.0.1 for ILIAS allows an attacker to list all users via the search function...
CVE-2025-63221
The Axel Technology puma devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system...
EUVD-2006-3929
Malware in sbrugna...
EUVD-1999-0259
Malware in sbrugna...
EUVD-2022-51762
Malicious code in bioql PyPI...
EUVD-2023-36552
Malicious code in bioql PyPI...
CVE-2023-32298
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kathy Darling Simple User Listing plugin <= 1.9.2 versions...
CVE-2022-4417
The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users...
CVE-2024-42174 HCL MyXalytics is affected by username enumeration vulnerability
HCL MyXalytics is affected by username enumeration vulnerability. This allows a malicious user to perform enumeration of application users, and therefore compile a list of valid usernames...
Cross site scripting
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kathy Darling Simple User Listing plugin <= 1.9.2 versions...
CVE-2023-32298 WordPress Simple User Listing Plugin <= 1.9.2 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kathy Darling Simple User Listing plugin <= 1.9.2 versions...
CVE-2023-32298
CVE-2023-32298 is a reflected XSS vulnerability in the WordPress plugin Simple User Listing (versions
WordPress Plugin Simple User Listing Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
WordPress Simple User Listing Plugin <= 1.9.2 is vulnerable to Cross Site Scripting (XSS)
Software: Simple User Listing; Type: Plugin; Vulnerable versions: <= 1.9.2; Fixed in: 1.9.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-32298; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 4082207ac5d1; Credits: Emili Castell...
PT-2023-22833 · Mobatime · Mobatime
Name of the Vulnerable Software and Affected Versions: Mobatime mobile application AMXGT100 versions 1.3.20 and earlier Description: The issue allows an anonymous user to obtain a list of existing users managed by the application, which could facilitate further attacks. It is related to an improp...
Powershell-Backdoor-Generator - Obfuscated Powershell Reverse Backdoor With Flipper Zero And USB Rubber Ducky Payloads
Reverse backdoor written in Powershell and obfuscated with Python, allowing the backdoor to have a new signature after every run. It can also generate auto run scripts for Flipper Zero and USB Rubber Ducky. usage: listen.py -h --ip-address IPADDRESS --port PORT --random --out OUT --verbose --delay...
Authentication flaw
The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users...
PT-2023-14432 · WordPress · Wp Cerber Security
Name of the Vulnerable Software and Affected Versions: WP Cerber Security, Anti-spam & Malware Scan WordPress plugin versions prior to 9.3.3 Description: The issue concerns improper access control to the REST API users endpoint when the blog is in a subdirectory. This could allow attackers to...