Lucene search
K

432 matches found

Cvelist
Cvelist
added 2026/03/08 6:32 p.m.41 views

CVE-2026-3761 SourceCodester Client Database Management System Endpoint superadmin_user_delete.php improper authorization

A flaw has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /superadminuserdelete.php of the component Endpoint. Executing a manipulation of the argument userid can lead to improper authorization. The attack may be performe...

5.5CVSS0.00337EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/08 12:0 a.m.11 views

AgentChat 安全漏洞

AgentChat is a multi-agent collaborative dialogue system based on large language models, developed by Shy2593663669. Versions of AgentChat 2.3.0 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect handling of the parameter userid in the functions getuserinfo an...

7.5CVSS7.1AI score0.00403EPSS
Exploits0References7
OSV
OSV
added 2026/03/04 9:58 p.m.5 views

CVE-2026-25750 LangSmith Studio has URL Parameter Injection Vulnerability that Enables Token Theft via Malicious baseUrl

Langchain Helm Charts are Helm charts for deploying Langchain applications on Kubernetes. Prior to langchain-ai/helm version 0.12.71, a URL parameter injection vulnerability existed in LangSmith Studio that could allow unauthorized access to user accounts through stolen authentication tokens. The...

8.5CVSS5.8AI score0.00292EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/04 12:31 a.m.4 views

SUSE CVE-2026-0999

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...

5.4CVSS5.8AI score0.00172EPSS
Exploits0References3
OSV
OSV
added 2026/02/27 9:22 p.m.5 views

GHSA-6MQ3-XMGP-PJM5 ZITADEL's truncated opaque tokens are still valid

Summary Opaque OIDC access tokens in v2 format, truncated to 80 characters are still considered valid. ZITADEL uses a symmetric AES encryption for opaque tokens. The cleartext payload is a concatenation of a couple of identifiers, such as a token ID and user ID. Internally Zitadel has 2 different...

4.3CVSS5.8AI score0.00142EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/02/27 9:22 p.m.9 views

ZITADEL's truncated opaque tokens are still valid

Summary Opaque OIDC access tokens in v2 format, truncated to 80 characters are still considered valid. ZITADEL uses a symmetric AES encryption for opaque tokens. The cleartext payload is a concatenation of a couple of identifiers, such as a token ID and user ID. Internally Zitadel has 2 different...

4.3CVSS5.8AI score0.00142EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2026/02/25 4:16 a.m.11 views

CVE-2026-27637

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's TokenAuth middleware uses a predictable authentication token computed as MD5userid + createdat + APPKEY. This token is static never expires/rotates, and if an attacker obtains...

9.8CVSS0.00668EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.8 views

Foscam Video Management System 安全漏洞

The Foscam Video Management System is a monitoring video management system developed by the American company Foscam. Version 1.1.6.6 of the Foscam Video Management System contains a security vulnerability. This vulnerability stems from a buffer overflow in the UID field, which could allow local...

6.7CVSS6.1AI score0.00136EPSS
Exploits0References3
OSV
OSV
added 2026/02/17 10:56 p.m.5 views

GHSA-CHM2-M3W2-WCXM OpenClaw Google Chat spoofing access with allowlist authorized mutable email principal despite sender-ID mismatch

Summary Google Chat allowlisting supports matching by sender email in addition to immutable sender resource name users/. This weakens identity binding if a deployment assumes allowlists are strictly keyed by immutable principals. Affected Packages / Versions As of 2026-02-14; based on latest...

2.1CVSS5.6AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/02/17 10:56 p.m.9 views

OpenClaw Google Chat spoofing access with allowlist authorized mutable email principal despite sender-ID mismatch

Summary Google Chat allowlisting supports matching by sender email in addition to immutable sender resource name users/. This weakens identity binding if a deployment assumes allowlists are strictly keyed by immutable principals. Affected Packages / Versions As of 2026-02-14; based on latest...

5.6AI score
Exploits0References5Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/02/16 9:47 a.m.3 views

CVE-2026-0999

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...

5.4CVSS5.5AI score0.00172EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/12 10:48 p.m.3 views

CVE-2019-25327

Prime95 version 29.8 build 6 contains a buffer overflow vulnerability in the user ID input field that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the PrimeNet user ID and proxy host fields to trigger a bind shell on port 3110...

9.8CVSS6.5AI score0.00453EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.26 views

Mersenne Research Prime95 安全漏洞

Mersenne Research Prime95 is an open-source software developed by Mersenne Research, running on Windows operating systems. Version 29.8 build 6 of Mersenne Research Prime95 contains a security vulnerability. This vulnerability stems from a buffer overflow in the user ID input field, which could...

9.8CVSS6.3AI score0.00453EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/11 8:36 p.m.3 views

CVE-2020-37173 AVideo Platform 8.1 - Information Disclosure (User Enumeration)

AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the...

8.7CVSS5.5AI score0.00565EPSS
Exploits1References4
CNVD
CNVD
added 2026/02/11 12:0 a.m.5 views

WeKan has an unspecified vulnerability

WeKan is a Kanban application from WeKan open source. WeKan suffers from a security vulnerability that can be exploited by an attacker to spoof the author of a recorded comment by providing another user's identifier...

5.3CVSS5.9AI score0.00246EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/07 12:0 a.m.8 views

WeKan 安全漏洞

WeKan is a Kanban application from WeKan open source. WeKan suffers from a security vulnerability that can be exploited by an attacker to spoof the author of a recorded comment by providing another user's identifier...

5.3CVSS5.8AI score0.00246EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/06 6:52 p.m.4 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the UseRecoveryCode function, which fails to check the supplied userID before validating the second factor. A user in possession of the username and password of another user ca...

8.8CVSS5.5AI score0.00424EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/06 6:52 p.m.3 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the UseRecoveryCode function, which fails to check the supplied userID before validating the second factor. A user in possession of the username and password of another user ca...

8.8CVSS5.5AI score0.00424EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/03 10:1 p.m.4 views

EUVD-2020-30994

Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database manageme...

7.1CVSS5.8AI score0.00198EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/03 10:1 p.m.28 views

CVE-2020-37081 Fishing Reservation System 7.5 - 'uid' SQL Injection

Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database manageme...

7.1CVSS0.00198EPSS
Exploits0References4
Rows per page
Query Builder