Lucene search
K

127 matches found

Nuclei
Nuclei
added yesterday23 views

Joomla! Component User Status - Local File Inclusion

A directory traversal vulnerability in userstatus.php in the User Status comuserstatus component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1304 info: name: Joomla! Component User Status - Local File...

5CVSS6.2AI score0.14041EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2026/07/01 2:48 p.m.7 views

CVE-2026-58036

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryAllUsers.Php, includes/Api/ApiQueryUsers.Php, includes/Permissions/PermissionManager.Php,...

7.5CVSS5.8AI score0.00243EPSS
Exploits0
Circl
Circl
added 2026/06/05 1:23 p.m.12 views

CVE-2026-10912

creationtimestamp| type| source ---|---|--- 2026-06-05 13:23:29+00:00| seen| https://infosec.exchange/users/cR0w/statuses/116697713800926918 2026-06-07 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260608 2026-06-07 18:00:00+00:00| seen|...

6.5CVSS5.3AI score0.0028EPSS
Exploits0References3
Circl
Circl
added 2026/06/05 11:33 a.m.10 views

CVE-2026-10881

creationtimestamp| type| source ---|---|--- 2026-06-05 11:33:52+00:00| seen| https://bsky.app/profile/infosecbriefly.bsky.social/post/3mnk26jjkl62n 2026-06-05 11:33:52+00:00| seen| https://bsky.app/profile/infosecbriefly.bsky.social/post/3mnk26jjkl62n 2026-06-05 13:23:23+00:00| seen|...

9.6CVSS6AI score0.0039EPSS
Exploits0References8
Circl
Circl
added 2026/06/05 10:2 a.m.9 views

CVE-2026-11125

creationtimestamp| type| source ---|---|--- 2026-06-05 10:02:33+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnjv37jabq2n 2026-06-05 10:02:33+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnjv37jabq2n 2026-06-05 13:24:11+00:00| seen|...

8.8CVSS5.3AI score0.0028EPSS
Exploits0References4
OSV
OSV
added 2026/05/21 9:20 p.m.3 views

CVE-2026-7887 For Concrete CMS 9.5.0 and below, OAuth 2.0 Authorization-Code Handler Bypasses Account Status

For Concrete CMS 9.5.0 and below, OAuth 2.0 Authorization-Code Handler Bypasses Account Status. A user with uIsActive=0 suspended, banned, terminated employee can still authenticate via OAuth and receive valid API tokens. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score o...

2.3CVSS5.9AI score0.00172EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/22 5:2 a.m.33 views

CVE-2026-22746 User Attribute Enumeration when Using DaoAuthenticationProvider

Vulnerability in Spring Spring Security. If an application is using the UserDetailsisEnabled, isAccountNonExpired, or isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, o...

3.7CVSS0.00215EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/17 3:31 p.m.2 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the Connected Workspaces API. An attacker can change the displayed status of local users by connecting a malicious remote server using the Connected Workspaces feature. Remediation Upgrade...

5.1CVSS5.8AI score0.00167EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/15 10:11 a.m.3 views

CVE-2026-27769

Mattermost versions 10.11.x = 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API...

2.7CVSS5.8AI score0.00167EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2026/04/14 8:16 p.m.5 views

CVE-2026-40683

In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the userenabledinvert configuration option is False the default. The ldaprestomodel method in the UserApi class only performed string-to-boolean conversion when...

7.7CVSS5.8AI score0.00317EPSS
Exploits0References5
OSV
OSV
added 2026/04/10 6:51 p.m.3 views

CVE-2026-33706 Chamilo LMS has a REST API Self-Privilege Escalation (Student → Teacher)

Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST API key can modify their own status field via the updateuserfromusername endpoint. A student status=5 can change their status to Teacher/CourseManager status=1, gaining course creation and management...

7.1CVSS6AI score0.00168EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.7 views

PT-2026-32021

Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST API key can modify their own status field via the update user from username endpoint. A student status=5 can change their status to Teacher/CourseManager status=1, gaining course creation and...

7.1CVSS5.8AI score0.00168EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.8 views

CVE-2026-2571

The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'reviewUserStatus' function in all versions up to, and including, 3.3.49. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

4.3CVSS5.7AI score0.00222EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.6 views

PT-2026-27445

Name of the Vulnerable Software and Affected Versions Vikunja versions 0.18.0 through 2.2.0 Description Vikunja is a self-hosted task management platform. When a user account is disabled or locked, the status check is only enforced on the local login and JWT token refresh paths. The API tokens,...

8.1CVSS5.8AI score0.00453EPSS
Exploits1References11
EUVD
EUVD
added 2026/03/19 9:30 a.m.5 views

EUVD-2026-13065

The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'reviewUserStatus' function in all versions up to, and including, 3.3.49. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

4.3CVSS5.7AI score0.00222EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.7 views

Discord security vulnerabilities

Discord is a free chat service provided by the Discord company. Versions of Discord dated January 16, 2026 and earlier have security vulnerabilities. These vulnerabilities stem from the WebSocket API responding with status information about hidden users, which may lead to the inference of a user’...

4.3CVSS5.8AI score0.0026EPSS
Exploits0References1
OSV
OSV
added 2026/01/13 4:42 p.m.7 views

GO-2026-4295 Mattermost Server exposes sensitive user status information via REST API version 4 endpoint in github.com/mattermost/mattermost-server

Mattermost Server exposes sensitive user status information via REST API version 4 endpoint in github.com/mattermost/mattermost-server...

5.3CVSS6.6AI score0.0092EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/09 9:55 a.m.9 views

CVE-2020-12472

MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description...

5.4CVSS5.7AI score0.00531EPSS
Exploits1References1
Circl
Circl
added 2026/01/07 5:39 p.m.1 views

GHSA-JC3F-C62G-V7QW

creationtimestamp| type| source ---|---|--- 2026-01-07 17:39:28+00:00| seen| https://infosec.exchange/users/cR0w/statuses/115855036756832399...

5.8AI score
Exploits0References1
Circl
Circl
added 2026/01/06 4:10 p.m.4 views

CVE-2020-36905

creationtimestamp| type| source ---|---|--- 2026-01-06 16:10:57+00:00| seen| https://infosec.exchange/users/cR0w/statuses/115849026353201544 2026-01-06 16:37:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mbrf7a6mfw2y 2026-01-07 21:03:03+00:00| seen|...

7.5CVSS5.7AI score0.00443EPSS
Exploits1References3
Rows per page
Query Builder