CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

24 matches found

RedhatCVE•added 2026/02/23 7:35 p.m.•6 views

CVE-2026-2947

A vulnerability was detected in rymcu forest up to 0.0.5. This affects the function updateUserInfo of the file - src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component User Profile Handler. The manipulation results in cross site scripting. The attack can be executed...

5.4CVSS3.5AI score0.00276EPSS

Exploits1References1

OSV•added 2026/02/22 2:16 p.m.•4 views

CVE-2026-2947

5.4CVSS4.1AI score0.00276EPSS

Exploits1References4

NVD•added 2026/02/22 2:16 p.m.•8 views

CVE-2026-2947

5.4CVSS0.00276EPSS

Exploits1References4

Cvelist•added 2026/02/22 1:32 p.m.•23 views

CVE-2026-2947 rymcu forest User Profile UserInfoController.java updateUserInfo cross site scripting

5.1CVSS0.00276EPSS

Exploits1References4

ATTACKERKB•added 2026/02/22 1:32 p.m.•6 views

CVE-2026-2947

5.1CVSS3.6AI score0.00276EPSS

Exploits1References4Affected Software1

Positive Technologies•added 2026/02/22 12:0 a.m.•5 views

PT-2026-21450

Name of the Vulnerable Software and Affected Versions rymcu forest versions up to 0.0.5 Description A cross-site scripting issue exists in rymcu forest. The issue is located in the updateUserInfo function within the src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java file of the...

5.1CVSS4.6AI score0.00276EPSS

Exploits1References7

RedhatCVE•added 2025/12/02 5:24 a.m.•10 views

CVE-2025-13808

A flaw has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this vulnerability is the function update of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/UserController.java of the component User Profile Handler. This...

8.8CVSS6.4AI score0.00412EPSS

Exploits1References1

NVD•added 2025/12/01 5:16 a.m.•3 views

CVE-2025-13808

8.8CVSS0.00412EPSS

Exploits1References5

Cvelist•added 2025/12/01 5:2 a.m.•10 views

CVE-2025-13808 orionsec orion-ops User Profile UserController.java update improper authorization

7.5CVSS0.00412EPSS

Exploits1References5

Positive Technologies•added 2025/12/01 12:0 a.m.•4 views

PT-2025-48412

Name of the Vulnerable Software and Affected Versions orionsec orion-ops versions up to 5925824997a3109651bbde07460958a7be249ed1 Description A flaw exists in orionsec orion-ops. The issue is related to improper authorization caused by manipulation of the ID argument within the update function...

8.8CVSS7.1AI score0.00412EPSS

Exploits1References12

Cvelist•added 2025/11/14 7:2 p.m.•11 views

CVE-2025-13178 Bdtask/CodeCanyon SalesERP User Profile edit_profile cross site scripting

A flaw has been found in Bdtask/CodeCanyon SalesERP up to 20250728. This vulnerability affects unknown code of the file /editprofile of the component User Profile Handler. This manipulation of the argument firstname/lastname causes basic cross site scripting. The attack is possible to be carried...

5.1CVSS0.002EPSS

Exploits1References4

RedhatCVE•added 2025/10/28 3:4 p.m.•2 views

CVE-2025-12288

A vulnerability was detected in Bdtask Pharmacy Management System up to 9.4. Affected is an unknown function of the file /user/edituser/ of the component User Profile Handler. Performing manipulation results in authorization bypass. Remote exploitation of the attack is possible. The exploit is no...

8.8CVSS6.3AI score0.00392EPSS

Exploits1References1

EUVD•added 2025/10/27 3:30 p.m.•4 views

EUVD-2025-36183

5.3CVSS5.9AI score0.00392EPSS

Exploits1References5

NVD•added 2025/10/27 3:15 p.m.•8 views

CVE-2025-12288

8.8CVSS0.00392EPSS

Exploits1References4

EUVD•added 2025/10/03 8:7 p.m.•5 views

EUVD-2023-43750

Malicious code in bioql PyPI...

5.4CVSS4.8AI score0.00564EPSS

Exploits1References3

RedhatCVE•added 2025/05/23 3:43 a.m.•7 views

CVE-2023-3058

A vulnerability was found in 07FLY CRM up to 1.2.0. It has been declared as problematic. This vulnerability affects unknown code of the component User Profile Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the publi...

5.4CVSS6.4AI score0.00564EPSS

Exploits1References1

BDU FSTEC•added 2024/08/13 12:0 a.m.•3 views

The vulnerability of the User Profile Handler component on the Apache Roller server for creating web blogs allows attackers to execute XSS attacks.

The vulnerability of the User Profile Handler component on the Apache Roller web blog server exists due to the lack of security measures for handling web page structures. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

4CVSS5.4AI score0.00709EPSS

Exploits0References3Affected Software1

NVD•added 2023/06/02 1:15 p.m.•24 views

CVE-2023-3058

5.4CVSS4.3AI score0.00564EPSS

Exploits1References3

OSV•added 2023/06/02 1:15 p.m.•3 views

CVE-2023-3058

5.4CVSS3.7AI score0.00564EPSS

Exploits1References3

CVE•added 2023/06/02 1:0 p.m.•74 views

CVE-2023-3058

CVE-2023-3058 affects 07FLY CRM up to version 1.2.0, with the vulnerable area in the User Profile Handler. The issue enables cross-site scripting and can be exploited remotely; exploits have been disclosed. Available sources indicate the patch status is unclear, and at least one reference recomme...

5.4CVSS4.5AI score0.00564EPSS

Exploits1References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by