660 matches found
CVE-2026-30967
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.9. and 8.6.22, the OAuth2 authentication adapter, when configured without the useridField option, only verifies that a token is active via the provider's token introspectio...
CVE-2026-30967 Parse Server OAuth2 authentication adapter account takeover via identity spoofing
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.9. and 8.6.22, the OAuth2 authentication adapter, when configured without the useridField option, only verifies that a token is active via the provider's token introspectio...
CVE-2026-30967 Parse Server OAuth2 authentication adapter account takeover via identity spoofing
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.9. and 8.6.22, the OAuth2 authentication adapter, when configured without the useridField option, only verifies that a token is active via the provider's token introspectio...
Astra Linux – Vulnerability in Apache2
A vulnerability in the Apache HTTP Server’s AllowOverride FileInfo directive allows for bypassing moduserdir+suexec. Users who have access to use the RequestHeader directive in htaccess can cause certain CGI scripts to run under an unexpected userid. This issue affects the Apache HTTP Server...
CVE-2026-3186
A vulnerability was determined in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this vulnerability is an unknown functionality of the file /api/admin/sys-user/reset/password/ of the component Password Reset Handler. This manipulation of the argument userId causes use of default...
Sz-Admin 安全漏洞
Sz-Admin is a mid-tier management software developed by INS6+ individuals. Versions of Sz-Admin such as 1.3.2-beta and earlier contained security vulnerabilities. These vulnerabilities stemmed from incorrect handling of the parameter userId in files/api/admin/sys-user/reset/password/, which could...
GHSA-3C9R-7F29-QP32 Mattermost fails to properly validate login method restrictions
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...
Incorrect Implementation of Authentication Algorithm
Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm via the userID authentication. An attacker can gain unauthorized access by leveraging...
CVE-2026-0999
Technical details beyond the summary are not provided in the supplied documents. Monitor for updates from Mattermost advisory MMSA-2025-00548.
CVE-2026-0999 Authentication bypass via userID login when email and username login are disabled
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...
CVE-2025-69562
code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter...
CVE-2025-69562
code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter...
PT-2026-4966
code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter...
CVE-2025-69562
code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter...
CVE-2025-69562
code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter...
Code-Projects Mobile Shop Management System security vulnerabilities
Code-Projects Mobile Shop Management System is an open-source mobile store management system developed by Code-Projects. Version 1.0 of the code-projects Mobile Shop Management System contains a security vulnerability. This vulnerability stems from improper handling of the userid parameter in the...
EUVD-2025-206390
code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter...
CVE-2025-69562
The CVE-2025-69562 entry describes a SQL Injection flaw in code-projects Mobile Shop Management System 1.0, exploitable via the userid parameter in /insertmessage.php. The vulnerability arises from improper handling of input in that endpoint, enabling an attacker to manipulate SQL queries. CVSS m...
CVE-2026-1106
A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. This issue affects the function deleteLegal of the file src/CoreBundle/Controller/SocialController.php of the component Legal Consent Handler. Performing a manipulation of the argument userId results in improper authorization...
CVE-2026-1106
A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. This issue affects the function deleteLegal of the file src/CoreBundle/Controller/SocialController.php of the component Legal Consent Handler. Performing a manipulation of the argument userId results in improper authorization...