13 matches found
EUVD-2025-6959
Malicious code in bioql PyPI...
EUVD-2023-40987
Malicious code in bioql PyPI...
EUVD-2025-3994
Malicious code in bioql PyPI...
CVE-2023-5194
Mattermost fails to properly validate permissions when demoting and deactivating a user allowing for a system/user manager to demote / deactivate another manager...
RabbitMQ 3.8.x < 3.8.17 XSS
The version of RabbitMQ installed on the remote host is 3.8.x prior to 3.8.17. It is, therefore, affected by a cross-site scripting vulnerability: - In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation...
CVE-2024-46671
An Incorrect User Management vulnerability CWE-286 in FortiWeb version 7.6.2 and below, version 7.4.6 and below, version 7.2.10 and below, version 7.0.11 and below widgets dashboard may allow an authenticated attacker with at least read-only admin permission to perform operations on the dashboard...
CVE-2024-46671
FortiWeb contains an Incorrect User Management (CWE-286) vulnerability affecting FortiWeb versions 7.6.2 and below, 7.4.6 and below, 7.2.10 and below, and 7.0.11 and below. An authenticated attacker with at least read-only admin privileges can perform operations on the dashboard of other administ...
CVE-2024-46671
An Incorrect User Management vulnerability CWE-286 in FortiWeb version 7.6.2 and below, version 7.4.6 and below, version 7.2.10 and below, version 7.0.11 and below widgets dashboard may allow an authenticated attacker with at least read-only admin permission to perform operations on the dashboard...
CVE-2025-24967
reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting XSS vulnerability exists in the admin panel's user management functionality. An attacker can exploit this issue by injecting malicious payloads into the username field during user creation. This...
CVE-2024-25106
OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A critical vulnerability has been identified in the "/api/orgid/users/emailid" endpoint. This vulnerability allows any authenticated user within an organization to...
CVE-2025-24968
reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as penetrationtester or auditor to delete all projects in the system. This can lead to a complete system takeover by redirecting the...
CVE-2025-24967 Stored XSS on Admin Panel When Deleting a User in reNgine
reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting XSS vulnerability exists in the admin panel's user management functionality. An attacker can exploit this issue by injecting malicious payloads into the username field during user creation. This...
CVE-2025-24967 Stored XSS on Admin Panel When Deleting a User in reNgine
reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting XSS vulnerability exists in the admin panel's user management functionality. An attacker can exploit this issue by injecting malicious payloads into the username field during user creation. This...