Lucene search

9 matches found

OSV
added 2025/07/11 5:15 p.m., 2 views

CVE-2025-7450

A vulnerability was found in letseeqiji gorobbs up to 1.0.8. It has been classified as critical. This affects the function ResetUserAvatar of the file controller/api/v1/user.go of the component API. The manipulation of the argument filename leads to path traversal. It is possible to initiate the...

CVSS 5.3 | AI score 5.4 | EPSS 0.00251
Exploits: 0 | References: 4
Vulnrichment
added 2024/03/17 2:00 p.m., 16 views

CVE-2024-2564 PandaXGO PandaX user.go ExportUser path traversal

A vulnerability was found in PandaXGO PandaX up to 20240310 and classified as critical. This issue affects the function ExportUser of the file /apps/system/api/user.go. The manipulation of the argument filename leads to path traversal: '../filedir'. The attack may be initiated remotely. The explo...

CVSS 6.5 | AI score 6.5 | EPSS 0.0007
Exploits: 0 | References: 3
Veracode
added 2023/06/23 11:13 a.m., 13 views

Cross-Site Request Forgery (CSRF)

github.com/casdoor/casdoor is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists in the SetPassword function at user.go due to a lack of CSRF token, which allows an attacker to change a user's password...

CVSS 6.5 | AI score 6.8 | EPSS 0.00404
Exploits: 10 | References: 5 | Affected Software: 1
Veracode
added 2023/05/19 2:35 a.m., 15 views

Incorrect Authorization

github.com/mattermost/mattermost-server is vulnerable to Incorrect Authorization. The vulnerability exists because the createUserAccessToken function of user.go fails to restrict a user with permission to edit other users and to create personal access tokens from elevating their privileges to the...

CVSS 8.8 | AI score 6.7 | EPSS 0.0025
Exploits: 0 | References: 8 | Affected Software: 1
Veracode
added 2023/04/28 11:58 a.m., 22 views

Cross-Site Request Forgery (CSRF)

github.com/phachon/mm-wiki is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists in the Save function of user.go, which allows an attacker to execute arbitrary code via the system/user/save parameter...

CVSS 8.8 | AI score 8.9 | EPSS 0.00347
Exploits: 1 | References: 5 | Affected Software: 1
Veracode
added 2022/10/17 8:35 a.m., 35 views

Authentication Bypass

grafana is vulnerable to Authentication Bypass. The vulnerability exists due to a conflict in the login field in the GetUserByLogin function in user.go; an attacker can register in the system using another user's email address as a username, blocking a user's login attempt...

CVSS 4.3 | AI score 5.9 | EPSS 0.00056
Exploits: 0 | References: 7 | Affected Software: 2
Prion
added 2019/09/08 4:15 p.m., 12 views

Authentication flaw

core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is set up with DB as the authentication backend and allows users to self-register. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix:...

CVSS 4 | AI score 6.4 | EPSS 0.93578
Exploits: 5 | References: 6 | Affected Software: 1
Kaspersky
added 2016/06/01 12:00 a.m., 29 views

KLA10820 Privilege escalation vulnerability in Docker

Improper handling of a numeric UID was found in Docker. By exploiting this vulnerability, malicious users can escalate privileges. This vulnerability can be exploited locally via a numeric username in the password file. Technical details: This vulnerability is related to libcontainer/user/user.g...

CVSS 7.8 | AI score 7.7 | EPSS 0.00069
Exploits: 0 | References: 2
NVD
added 2014/11/21 3:59 p.m., 8 views

CVE-2014-8682

Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is...

CVSS 7.5 | AI score 8.3 | EPSS 0.76891
Exploits: 5 | References: 8