EUVD-2025-31652

Malicious code in bioql PyPI...

EUVD-2022-5793

Malicious code in bioql PyPI...

EUVD-2024-26032

Malicious code in bioql PyPI...

EUVD-2022-3878

Malicious code in bioql PyPI...

CVE-2025-54875 FreshRSS: Unauthorized creation of admin user when registration is enabled

FreshRSS is a free, self-hostable RSS aggregator. In versions 1.16.0 and above through 1.26.3, an unprivileged attacker can create a new admin user when registration is enabled through the use of a hidden field used only in the user management admin page, newuserisadmin. This is fixed in version...

pybbs 安全漏洞

pybbs is a community platform for Java development by iuiu individual developers. A security vulnerability exists in pybbs 6.0.0 and earlier versions, which stems from a weak password requirement in the function update in the file...

CVE-2025-0057

SAP NetWeaver AS JAVA User Admin Application is vulnerable to stored cross site scripting vulnerability. An attacker posing as an admin can upload a photo with malicious JS content. When a victim visits the vulnerable component, the attacker can read and modify information within the scope of...

CVE-2025-43947

Codemers KLIMS 1.6.DEV lacks a proper access control mechanism, allowing a normal KLIMS user to perform all the actions that an admin can perform, such as modifying the configuration, creating a user, uploading files, etc...

CVE-2025-26512 CVE-2025-26512 Privilege Escalation Vulnerability in SnapCenter

SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed...

CVE-2024-38291

In XIQ-SE before 24.2.11, a low-privileged user may be able to access admin passwords, which could lead to privilege escalation...

CVE-2024-25602

Stored cross-site scripting XSS vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject...

CVE-2024-27899

Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both...

CVE-2024-22126

The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting XSS vulnerability, leading to a high impact on confidentiality and...

CVE-2025-0057

SAP NetWeaver AS JAVA User Admin Application is vulnerable to stored cross site scripting vulnerability. An attacker posing as an admin can upload a photo with malicious JS content. When a victim visits the vulnerable component, the attacker can read and modify information within the scope of...

CVE-2025-0057 Cross-Site Scripting vulnerability in SAP NetWeaver AS JAVA (User Admin Application)

SAP NetWeaver AS JAVA User Admin Application is vulnerable to stored cross site scripting vulnerability. An attacker posing as an admin can upload a photo with malicious JS content. When a victim visits the vulnerable component, the attacker can read and modify information within the scope of...

CVE-2025-0057

CVE-2025-0057 concerns SAP NetWeaver AS Java (User Admin Application). The issue is a stored cross-site scripting vulnerability where an attacker, posing as an admin, can upload a photo containing malicious JavaScript. When a victim accesses the vulnerable component, the attacker can read and mod...

CVE-2025-0057 Cross-Site Scripting vulnerability in SAP NetWeaver AS JAVA (User Admin Application)

SAP NetWeaver AS JAVA User Admin Application is vulnerable to stored cross site scripting vulnerability. An attacker posing as an admin can upload a photo with malicious JS content. When a victim visits the vulnerable component, the attacker can read and modify information within the scope of...

PT-2025-1183 · Sap · Sap Netweaver As Java

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS Java affected versions not specified Description: The issue is related to a stored cross-site scripting vulnerability. An attacker, posing as an administrator, can upload a photo with malicious JavaScript content. When a vict...

PT-2025-4751 · Teedy · Teedy

Name of the Vulnerable Software and Affected Versions: Teedy versions 1.11 and earlier Description: The issue allows for CSRF, enabling account takeover via POST "/api/user/admin". This can be exploited to gain unauthorized access to user accounts. Recommendations: For versions 1.11 and earlier, ...

CVE-2024-51337

Gibbon (prior to v27.0.01) is affected by a Cross Site Scripting (XSS) vulnerability that can leak sensitive information via the email parameter in /Gibbon/modules/User Admin/user_manage_editProcess.php. The issue is fixed in v28.0.00. Affected component: Gibbon core/admin UI flow handling the us...