355 matches found
WordPress Booking Calendar plugin <= 10.14.14 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Settings Modification vulnerability
Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary User Settings Modification vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Booking Calendar versions = 10.14.14...
CVE-2020-37007
Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate user account settings without proper request validation. Attackers can craft malicious HTML forms to change user passwords or modify account information by tricking logged-in users into submitting...
CVE-2022-0815
Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. This could lead to unexpected behaviors including; settings being changed...
CVE-2025-68384
A flaw was found in Elasticsearch. A low-privileged authenticated user can cause an excessive memory allocation via submission of oversized user settings data, resulting in a denial of service. Mitigation To mitigate this issue, make sure that only necessary and trusted users have authentication...
Elasticsearch has Excessive Allocation of Resources via Submission of Oversized User Settings Data
Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation CAPEC-130 causing a persistent denial of service OOM crash via submission of oversized user settings data...
Cross-site Scripting (XSS)
Overview Kentico.Xperience.Libraries.Web.UI is a runtime assemblies for Web Forms applications that use Kentico Xperience API Affected versions of this package are vulnerable to Cross-site Scripting XSS via the SaveUserSpecificDashboardSettings method in the UserSettingsJsonDashboardItemsLoader...
PT-2025-51869
Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 6.5.3 Description ChurchCRM is an open-source church management system. A SQL injection issue exists in the src/UserEditor.php file. When an administrator saves a user’s configuration settings, the keys of the type...
EUVD-2021-11675
Malware in sbrugna...
EUVD-2014-1120
Malware in sbrugna...
EUVD-2018-17489
Malware in sbrugna...
EUVD-2021-21891
Malware in sbrugna...
EUVD-2006-5501
Malware in sbrugna...
EUVD-2019-7295
Malware in sbrugna...
EUVD-2014-1097
Malware in sbrugna...
EUVD-2012-5985
Malware in sbrugna...
EUVD-2017-10618
Malware in sbrugna...
EUVD-2021-19517
Malware in sbrugna...
EUVD-2018-18313
Malware in sbrugna...
EUVD-2020-0403
Malware in sbrugna...
EUVD-2016-8295
Malware in sbrugna...