Lucene search
+L

2114 matches found

The Hacker News
The Hacker News
added yesterday11 views

Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday

Security researcher Chaotic Eclipse aka Nightmare-Eclipse has released a new proof-of-concept PoC exploit called LegacyHive. It has been described as a Windows User Profile Service arbitrary hive load elevation of privileges vulnerability. The Windows User Profile Service, also referred to as...

9.8CVSS7.2AI score0.07047EPSS
Exploits0
Nuclei
Nuclei
added yesterday76 views

User Profile Picture < 2.5.0 - Sensitive Information Disclosure

The REST API endpoint getusers in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the uploadfiles capability. This included password hashes, hashed user activation keys, usernames, emails, and other less...

7.5CVSS7AI score0.04788EPSS
Exploits2References3
NVD
NVD
added 2 days ago3 views

CVE-2026-50425

Use after free in Windows Internal System User Profile allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00245EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago19 views

CVE-2026-50425 Windows Internal System User Profile Elevation of Privilege Vulnerability

...

7.8CVSS0.00245EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 days ago3 views

CVE-2026-50425 Windows Internal System User Profile Elevation of Privilege Vulnerability

...

7.8CVSS6.1AI score0.00245EPSS
Exploits0References1
CVE
CVE
added 2 days ago7 views

CVE-2026-50425

CVE-2026-50425: A use-after-free in Windows Internal System User Profile leads to local privilege escalation for an authorized attacker. Affected component: Windows Internal System User Profile; root cause: use-after-free; impact: gain high privileges locally with no user interaction (CVSSv3.1: A...

7.8CVSS6AI score0.00245EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2 days ago4 views

Windows Internal System User Profile Elevation of Privilege Vulnerability

Use after free in Windows Internal System User Profile allows an authorized attacker to elevate privileges locally...

7.8CVSS6.1AI score0.00245EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-58404

Name of the Vulnerable Software and Affected Versions Windows Internal System User Profile affected versions not specified Description A use after free issue in the Windows Internal System User Profile allows an authorized attacker to elevate privileges locally. Use after free is a memory...

7.8CVSS6.2AI score0.00245EPSS
Exploits0References3
CVE
CVE
added 3 days ago10 views

CVE-2026-61971

The CVE covers the WordPress plugin Metronet Profile Picture (Cozmoslabs User Profile Picture) insecure direct object references affecting versions

2.7CVSS6.1AI score0.00192EPSS
Exploits0References1
Nuclei
Nuclei
added 2026/07/07 4:50 p.m.115 views

WordPress Ultimate Member 2.1.3 - 2.8.2 – SQL Injection

The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘sorting’ parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of...

9.8CVSS7.4AI score0.89431EPSS
Exploits8References5
EUVD
EUVD
added 2026/06/30 11:48 a.m.7 views

EUVD-2026-40299

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions FGAPv2 are enabled, an administrator who should only be able to search for users but not view their full details can use a...

4.3CVSS5.7AI score0.00173EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 3:32 p.m.8 views

EUVD-2026-39656

In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details...

4.3CVSS5.8AI score0.00167EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 12:38 p.m.6 views

CVE-2026-57924

In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details...

4.3CVSS5.8AI score0.00167EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 12:38 p.m.23 views

CVE-2026-57924

CVE-2026-57924 affects JetBrains YouTrack prior to version 2026.2.16593, where a default role configuration exposed excessive user profile details. The root cause is not fully described beyond this exposure, but the impact implies potential disclosure of user profile information to unauthorized u...

5.3CVSS5.8AI score0.00167EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52704

Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description The default role configuration allows for the exposure of excessive user profile details. Recommendations Update to version 2026.2.16593...

5.3CVSS5.8AI score0.00167EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/06/23 12:0 a.m.6 views

WordPress Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin <= 2.11.4 - Authenticated (Contributor+) Account Takeover vulnerability

Authenticated Contributor+ Account Takeover vulnerability discovered by tiborisaak in WordPress Plugin Ultimate Member versions = 2.11.4...

8.8CVSS5.8AI score0.00499EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/18 2:17 p.m.12 views

CVE-2026-54224

UBB.threads is vulnerable to Denial of Service DoS. By sending multiple concurrent requests to view any user profile on instances with many registered users, an authenticated attacker can easily exhaust database resources and completely deny access to the application for other users. Because vend...

7.1CVSS0.00272EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 2:23 p.m.17 views

CVE-2026-44205

CVE-2026-44205 affects the Frappe framework (prior to 15.106.0). The issue is a stored XSS in the user profile image upload path that allows an attacker to execute malicious scripts in the browsers of other users. The vulnerability is mitigated by upgrading to version 15.106.0, where it is patche...

6.9CVSS5.4AI score0.00258EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 2:23 p.m.9 views

CVE-2026-44205 Frappe: Stored Cross-Site Scripting (XSS) in User Profile through Image Upload

Frappe is a full-stack web application framework. Prior to version 15.106.0, a stored XSS vulnerability in the user profile image section allows an attacker to execute malicious scripts in the browsers of other users. This issue has been patched in version 15.106.0...

6.9CVSS5.3AI score0.00258EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 2:23 p.m.27 views

CVE-2026-44205 Frappe: Stored Cross-Site Scripting (XSS) in User Profile through Image Upload

Frappe is a full-stack web application framework. Prior to version 15.106.0, a stored XSS vulnerability in the user profile image section allows an attacker to execute malicious scripts in the browsers of other users. This issue has been patched in version 15.106.0...

6.9CVSS0.00258EPSS
Exploits0References1
Rows per page
Query Builder