
121 matches found

Nuclei
added yesterday, 14 views

Joomla! Component User Status - Local File Inclusion

A directory traversal vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. id: CVE-2010-1304 info: name: Joomla! Component User Status - Local File...

5 CVSS, 5.9 AI score, 0.02693 EPSS
Exploits 1, References 5
Cvelist
added 2026/04/22 5:2 a.m., 25 views

CVE-2026-22746 User Attribute Enumeration when Using DaoAuthenticationProvider

Vulnerability in Spring Spring Security. If an application is using the UserDetailsisEnabled, isAccountNonExpired, or isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, o...

3.7 CVSS, 0.00067 EPSS
Exploits 0, References 1
Snyk
added 2026/04/17 3:31 p.m., 0 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization in the Connected Workspaces API. An attacker can change the displayed status of local users by connecting a malicious remote server using the Connected Workspaces feature. Remediation: Upgrade...

5.1 CVSS, 5.8 AI score, 0.00037 EPSS
Exploits 0, References 2
ATTACKERKB
added 2026/04/15 10:11 a.m., 1 views

CVE-2026-27769

Mattermost versions 10.11.x = 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Connected Workspaces feature to change the displayed status of local users via the Connected Workspaces API...

2.7 CVSS, 5.8 AI score, 0.00037 EPSS
Exploits 0, References 2, Affected Software 1
UbuntuCve
added 2026/04/14 8:16 p.m., 0 views

CVE-2026-40683

In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert configuration option is False (the default). The _ldap_res_to_model method in the UserApi class only performed string-to-boolean conversion when...

7.7 CVSS, 5.8 AI score, 0.00025 EPSS
Exploits 0, References 5
Positive Technologies
added 2026/04/10 12:0 a.m., 2 views

PT-2026-32021

Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST API key can modify their own status field via the update user from username endpoint. A student (status=5) can change their status to Teacher/CourseManager (status=1), gaining course creation and...

7.1 CVSS, 5.8 AI score, 0.00034 EPSS
Exploits 0, References 3
RedhatCVE
added 2026/03/26 3:8 p.m., 0 views

CVE-2026-2571

The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'reviewUserStatus' function in all versions up to, and including, 3.3.49. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

4.3 CVSS, 5.7 AI score, 0.00046 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/03/24 12:0 a.m., 2 views

PT-2026-27445

Name of the Vulnerable Software and Affected Versions: Vikunja versions 0.18.0 through 2.2.0. Description: Vikunja is a self-hosted task management platform. When a user account is disabled or locked, the status check is only enforced on the local login and JWT token refresh paths. The API tokens,...

8.1 CVSS, 5.8 AI score, 0.00107 EPSS
Exploits 1, References 11
EUVD
added 2026/03/19 9:30 a.m., 1 views

EUVD-2026-13065

The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'reviewUserStatus' function in all versions up to, and including, 3.3.49. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

4.3 CVSS, 5.7 AI score, 0.00046 EPSS
Exploits 0, References 6
CNNVD
added 2026/01/22 12:0 a.m., 1 views

Discord security vulnerabilities

Discord is a free chat service provided by the Discord company. Versions of Discord dated January 16, 2026 and earlier have security vulnerabilities. These vulnerabilities stem from the WebSocket API responding with status information about hidden users, which may lead to the inference of a user’...

4.3 CVSS, 5.8 AI score, 0.00015 EPSS
Exploits 0, References 1
OSV
added 2026/01/13 4:42 p.m., 2 views

GO-2026-4295 Mattermost Server exposes sensitive user status information via REST API version 4 endpoint in github.com/mattermost/mattermost-server

Mattermost Server exposes sensitive user status information via REST API version 4 endpoint in github.com/mattermost/mattermost-server...

5.3 CVSS, 6.6 AI score, 0.00237 EPSS
Exploits 0, References 6
RedhatCVE
added 2026/01/09 9:55 a.m., 5 views

CVE-2020-12472

MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description...

5.4 CVSS, 5.7 AI score, 0.00281 EPSS
Exploits 1, References 1
Circl
added 2026/01/07 5:39 p.m., 0 views

GHSA-JC3F-C62G-V7QW

| creationtimestamp | type | source |
|---|---|---|
| 2026-01-07 17:39:28+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115855036756832399... |

5.8 AI score
Exploits 0, References 1
Circl
added 2026/01/06 4:10 p.m., 1 views

CVE-2020-36905

| creationtimestamp | type | source |
|---|---|---|
| 2026-01-06 16:10:57+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115849026353201544 |
| 2026-01-06 16:37:25+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mbrf7a6mfw2y |
| 2026-01-07 21:03:03+00:00 | seen | ... |

7.5 CVSS, 5.7 AI score, 0.0009 EPSS
Exploits 1, References 3
OSV
added 2025/12/19 3:15 p.m., 3 views

CVE-2025-66911

Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest method in UserServiceController.java allows any authenticated user to query the online status, device information, an...

6.5 CVSS, 6.6 AI score, 0.0004 EPSS
Exploits 1, References 3
Circl
added 2025/12/11 6:33 p.m., 2 views

CVE-2025-56083

| creationtimestamp | type | source |
|---|---|---|
| 2025-12-11 18:33:13+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115702365711663519... |

8.8 CVSS, 5.8 AI score, 0.00259 EPSS
Exploits 0, References 1
Circl
added 2025/12/11 5:18 p.m., 0 views

GHSA-4C65-9GQF-4W8H

| creationtimestamp | type | source |
|---|---|---|
| 2025-12-11 17:18:35+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115702072250790374... |

5.8 AI score
Exploits 0, References 1
Circl
added 2025/12/01 6:4 a.m., 2 views

CVE-2025-13809

| creationtimestamp | type | source |
|---|---|---|
| 2025-12-01 06:04:16+00:00 | seen | https://infosec.exchange/users/offseq/statuses/115642797535662438... |

6.5 CVSS, 5.8 AI score, 0.00034 EPSS
Exploits 1, References 1
Circl
added 2025/11/04 9:45 p.m., 1 views

GHSA-JHJX-X4CF-4VM8

| creationtimestamp | type | source |
|---|---|---|
| 2025-11-04 21:45:06+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115493614774031888... |

5.8 AI score
Exploits 0, References 1
Circl
added 2025/10/23 4:27 p.m., 1 views

GHSA-2RRC-F24F-94F6

| creationtimestamp | type | source |
|---|---|---|
| 2025-10-23 16:27:22+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115424417623809144... |

5.8 AI score
Exploits 0, References 1