
10 matches found

CVE
added 2025/07/31 12:0 a.m. | 18 views

CVE-2025-50849

CS Cart 4.18.3 is affected by CVE-2025-50849: an Insecure Direct Object Reference (IDOR) in the user profile function via the company_id parameter allows an authenticated user to alter another user’s sticker setting due to insufficient server-side validation. Root cause: improper validation of ob...

CVSS 8 | AI score 6.3 | EPSS 0.0026
Exploits: 0 | References: 2
NVD
added 2025/07/28 4:15 p.m. | 6 views

CVE-2025-2297

Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to...

CVSS 7.8 | EPSS 0.00127
Exploits: 0 | References: 1
Cvelist
added 2025/07/28 3:40 p.m. | 9 views

CVE-2025-2297 Privilege Management for Windows - Elevation of Privilege

Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to...

CVSS 7.2 | EPSS 0.00127
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 8:2 a.m. | 10 views

CVE-2024-6410

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.8.9 via the 'pmuploadimage' function due to missing validation on a user controlled key. This makes it possible for authenticated...

CVSS 4.3 | AI score 6.5 | EPSS 0.00353
Exploits: 0 | References: 1
CVE
added 2025/04/03 6:38 p.m. | 75 views

CVE-2025-31487

The CVE-2025-31487 affects the XWiki JIRA extension. If the JIRA macro is installed, a logged-in user could abuse the macro to trigger a request that returns XML containing a DOCTYPE with an XXE payload, potentially displaying contents of local files on the XWiki server (e.g., in fields like summ...

CVSS 7.7 | AI score 6.9 | EPSS 0.00343
Exploits: 0 | References: 4
OpenVAS
added 2023/05/04 12:0 a.m. | 16 views

phpMyFAQ < 3.1.13 Multiple Vulnerabilities

phpMyFAQ is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyfaq:phpmyfaq"; if description...

CVSS 9.8 | AI score 6.9 | EPSS 0.00559
Exploits: 2 | References: 4
NVD
added 2020/12/18 10:15 a.m. | 13 views

CVE-2020-26175

In tangro Business Workflow before 1.18.1, an attacker can manipulate the value of PERSON in requests to /api/profile in order to change profile information of other users...

CVSS 6.5 | AI score 6.3 | EPSS 0.00659
Exploits: 1 | References: 2
CVE
added 2020/12/18 9:26 a.m. | 50 views

CVE-2020-26177

CVE-2020-26177 affects Tangro Business Workflow prior to 1.18.1. The issue is an access control flaw: certain profile items are rendered as greyed out on the client, but the server does not enforce this restriction—manipulating greyed‑out values in requests to /api/profile is not prohibited serve...

CVSS 4.3 | AI score 4.6 | EPSS 0.00641
Exploits: 1 | References: 2 | Affected Software: 1
0day.today
added 2008/11/08 12:0 a.m. | 21 views

zeeproperty 1.0 (Upload/XSS) Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications ============================================================ zeeproperty 1.0 Upload/XSS Multiple Remote Vulnerabilities ============================================================ ZEEPROPERTY v1.0 remote file Upload & XSS author: ZoRLu ms...

AI score 7.1
Exploits: 0
securityvulns
added 2005/07/08 12:0 a.m. | 36 views

[SA15936] phpSlash "author_id" User Profile Manipulation Vulnerability

---------------------------------------------------------------------- Are you interested in a new job in IT security? Secunia has two open positions as Junior and Senior Specialist in IT security: http://secunia.com/secuniavacancies/...

AI score 0.7
Exploits: 0