23 matches found
Rocket.Chat SQL Injection Vulnerability
Rocket.Chat is chat software developed by the Rocket.Chat company. Versions prior to 8.3.0, 8.2.1, 8.1.2, 8.0.3, 7.13.5, 7.12.6, 7.11.6, and 7.10.9 have a SQL injection vulnerability. This vulnerability stems from NoSQL injection and could lead to the takeover of the first user account with a...
PT-2026-34579
In Rocket.Chat 8.3.0, 8.2.1, 8.1.2, 8.0.3, 7.13.5, 7.12.6, 7.11.6, and 7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with a generated token when an OAuth app is configured...
CVE-2025-67645
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a broken access control in the Profile Edit endpoint. An authenticated normal user can modify the request parameters pubpid / pid to reference another user’s recor...
EUVD-2021-23485
Malware in sbrugna...
EUVD-2016-6977
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2025-1908
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over,...
GHSA-F3GH-529W-V32X IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations
Summary: ZITADEL's Admin API contains Insecure Direct Object Reference (IDOR) vulnerabilities that allow authenticated users, without specific IAM roles, to modify sensitive settings. While several endpoints are affected, the most critical vulnerability lies in the ability to manipulate LDAP...
CVE-2024-12371
CVE-2024-12371 affects Rockwell Automation Power Monitor 1000. Vulnerability: API allows unauthenticated creation of a Policyholder user with high privileges (edit operations, admin creation, factory reset). Reported impact includes device takeover and potential for remote code execution/DoS via ...
CVE-2024-28144
CVE-2024-28144 describes a flaw in a self-developed session management mechanism that allows session takeover when an attacker can spoof the IP address and User-Agent of a logged-in user. Two users on the same IP can be logged in as each other. Connected sources identify Image Access Scan2Net as affect...
Exploit for Authorization Bypass Through User-Controlled Key in Tareqhasan Meetup
CVE-2024-50483 Meetup = 0.1 - Authentication Bypass via Ac...
CVE-2024-7205 Sharing unnecessary device-sensitive information allows a secondary user to take over devices as the primary user
When a device is shared, the homepage module in eWeLink Cloud Service versions before 2.19.0 allows a secondary user to take over devices as the primary user via sharing of unnecessary device-sensitive information...
eWeLink Security Vulnerability
eWeLink is a smart home assistant from eWeLink, Inc. A security vulnerability exists in eWeLink versions prior to 2.19.0, which allows a secondary user to take over a device and become the primary user by sharing unnecessary sensitive information about the device wh...
CVE-2024-41121 Custom workspace allow to overwrite plugin entrypoint executable in Woodpecker
Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allows any user who can trigger a pipeline to run malicious workflows: 1. Those workflows can lead to a takeover of the host that runs the agent executing the workflow. 2. Or they allow extraction of the secrets w...
PortSwigger Web Security: A user with only [MODIFY_SETTINGS] permission could take over any user account
The vulnerability allowed a user with only the "MODIFYSETTINGS" permission to take over any user account. By configuring the email settings to use a public SMTP server, the attacker could capture the email and password reset link whenever an administrator or user with permissions to edit or add...
Session fixation
IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration. IBM X-Force ID: 243657...
CVE-2022-31478
The UserTakeOver plugin before 4.0.1 for ILIAS allows an attacker to list all users via the search function...
ILIAS plugin UserTakeOver Security Vulnerability
ILIAS is an open source learning management system. A security vulnerability exists in the ILIAS plugin UserTakeOver versions prior to 4.0.1. An attacker can exploit this vulnerability to list all users via the search function...
GHSA-5GH9-G62H-F35M Liferay Portal and Liferay DXP Has Company Administrator Accounts Vulnerable to Takeovers
Privilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 9 allows remote authenticated users with permission to update/edit users to take over a company administrator user account by editing the company administrator...
MobiSoft MobiPlus Security Vulnerability
MobiSoft MobiPlus is a leading integrated solution for sales and distribution activities from MobiSoft Israel. MobiSoft MobiPlus suffers from a security vulnerability that originates from a MobiSoft user takeover and improper handling of URL parameters. The vulnerability can be...
CVE-2022-22792
MobiSoft - MobiPlus User Take Over and Improper Handling of URL Parameters. An attacker can navigate to a specific URL that exposes all users and passwords in clear text. http://IP/MobiPlusWeb/Handlers/MainHandler.ashx?MethodName=GridData&GridName=Users...