Lucene search
K

660 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/10 8:46 p.m.3 views

CVE-2026-30967

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.9. and 8.6.22, the OAuth2 authentication adapter, when configured without the useridField option, only verifies that a token is active via the provider's token introspectio...

7.6CVSS5.8AI score0.00333EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/10 8:46 p.m.29 views

CVE-2026-30967 Parse Server OAuth2 authentication adapter account takeover via identity spoofing

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.9. and 8.6.22, the OAuth2 authentication adapter, when configured without the useridField option, only verifies that a token is active via the provider's token introspectio...

7.6CVSS0.00333EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/10 8:46 p.m.3 views

CVE-2026-30967 Parse Server OAuth2 authentication adapter account takeover via identity spoofing

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.9. and 8.6.22, the OAuth2 authentication adapter, when configured without the useridField option, only verifies that a token is active via the provider's token introspectio...

7.6CVSS5.8AI score0.00333EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/03/03 9:29 a.m.6 views

Astra Linux – Vulnerability in Apache2

A vulnerability in the Apache HTTP Server’s AllowOverride FileInfo directive allows for bypassing moduserdir+suexec. Users who have access to use the RequestHeader directive in htaccess can cause certain CGI scripts to run under an unexpected userid. This issue affects the Apache HTTP Server...

5.4CVSS6.7AI score0.00591EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/25 1:32 p.m.2 views

CVE-2026-3186

A vulnerability was determined in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this vulnerability is an unknown functionality of the file /api/admin/sys-user/reset/password/ of the component Password Reset Handler. This manipulation of the argument userId causes use of default...

6.5CVSS6.2AI score0.00222EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.10 views

Sz-Admin 安全漏洞

Sz-Admin is a mid-tier management software developed by INS6+ individuals. Versions of Sz-Admin such as 1.3.2-beta and earlier contained security vulnerabilities. These vulnerabilities stemmed from incorrect handling of the parameter userId in files/api/admin/sys-user/reset/password/, which could...

6.5CVSS6.6AI score0.00222EPSS
Exploits1References8
OSV
OSV
added 2026/02/16 12:30 p.m.4 views

GHSA-3C9R-7F29-QP32 Mattermost fails to properly validate login method restrictions

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...

5.4CVSS5.9AI score0.00172EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/16 11:2 a.m.4 views

Incorrect Implementation of Authentication Algorithm

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm via the userID authentication. An attacker can gain unauthorized access by leveraging...

5.4CVSS5.7AI score0.00172EPSS
Exploits0References2
CVE
CVE
added 2026/02/16 9:47 a.m.16 views

CVE-2026-0999

Technical details beyond the summary are not provided in the supplied documents. Monitor for updates from Mattermost advisory MMSA-2025-00548.

5.4CVSS5.5AI score0.00172EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/16 9:47 a.m.6 views

CVE-2026-0999 Authentication bypass via userID login when email and username login are disabled

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...

5.4CVSS5.5AI score0.00172EPSS
Exploits0References1
OSV
OSV
added 2026/01/27 5:16 p.m.5 views

CVE-2025-69562

code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter...

9.8CVSS5.8AI score0.00442EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/01/27 12:0 a.m.3 views

CVE-2025-69562

code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter...

5.9AI score0.00442EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.8 views

PT-2026-4966

code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter...

5.9AI score0.00442EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/27 12:0 a.m.2 views

CVE-2025-69562

code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter...

5.9AI score0.00442EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/27 12:0 a.m.26 views

CVE-2025-69562

code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter...

0.00442EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.9 views

Code-Projects Mobile Shop Management System security vulnerabilities

Code-Projects Mobile Shop Management System is an open-source mobile store management system developed by Code-Projects. Version 1.0 of the code-projects Mobile Shop Management System contains a security vulnerability. This vulnerability stems from improper handling of the userid parameter in the...

9.8CVSS5.8AI score0.00442EPSS
Exploits1References2
EUVD
EUVD
added 2026/01/27 12:0 a.m.8 views

EUVD-2025-206390

code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter...

9.8CVSS5.9AI score0.00442EPSS
Exploits1References2
CVE
CVE
added 2026/01/27 12:0 a.m.16 views

CVE-2025-69562

The CVE-2025-69562 entry describes a SQL Injection flaw in code-projects Mobile Shop Management System 1.0, exploitable via the userid parameter in /insertmessage.php. The vulnerability arises from improper handling of input in that endpoint, enabling an attacker to manipulate SQL queries. CVSS m...

9.8CVSS5.9AI score0.00442EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/19 12:22 a.m.9 views

CVE-2026-1106

A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. This issue affects the function deleteLegal of the file src/CoreBundle/Controller/SocialController.php of the component Legal Consent Handler. Performing a manipulation of the argument userId results in improper authorization...

5.5CVSS6.4AI score0.00393EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/18 12:2 a.m.9 views

CVE-2026-1106

A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. This issue affects the function deleteLegal of the file src/CoreBundle/Controller/SocialController.php of the component Legal Consent Handler. Performing a manipulation of the argument userId results in improper authorization...

5.5CVSS5.1AI score0.00393EPSS
Exploits0References4
Rows per page
Query Builder