Lucene search
K

660 matches found

NVD
NVD
added 2026/05/27 8:16 a.m.16 views

CVE-2026-40824

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view userid parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table...

7CVSS0.00239EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 7:50 a.m.36 views

CVE-2026-40824 Authenticated SQLi in accountstatus view

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view userid parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table...

7CVSS0.00239EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECTION24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymb CONNECTION24 is an...

7CVSS5.9AI score0.00239EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-43563

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view userid parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table...

7CVSS6AI score0.00239EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.12 views

CVE-2026-9376

A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Executing a manipulation of the argument id/userId can lead to improper authorization. The attack may be...

6.5CVSS6.2AI score0.00252EPSS
Exploits0References1
NVD
NVD
added 2026/05/25 3:16 p.m.12 views

CVE-2018-25362

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information...

8.8CVSS0.00309EPSS
Exploits0References3
CVE
CVE
added 2026/05/25 2:15 p.m.19 views

CVE-2018-25362

CVE-2018-25362 affects Twitter-Clone 1 with a SQL injection in follow.php via the userid parameter. The vulnerability lets an attacker manipulate queries using union-based or time-based blind payloads to extract sensitive data such as usernames, passwords, and database credentials. Impact is Conf...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:15 p.m.10 views

CVE-2018-25362

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/25 2:15 p.m.24 views

CVE-2018-25362 Twitter-Clone 1 SQL Injection via follow.php

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information...

8.8CVSS0.00309EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/25 2:15 p.m.9 views

EUVD-2018-21882

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/25 2:15 p.m.11 views

CVE-2018-25362 Twitter-Clone 1 SQL Injection via follow.php

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.16 views

PT-2026-43215

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

twitter-clone SQL注入漏洞

twitter-clone is an application by Fiffe Individual Developers. twitter-clone uses + Vue 3 + light to go development + TailwindCSS + PostgreSQL + recapitulation Twitter-Clone version 1 suffers from a SQL injection vulnerability that stems from the injection of SQL code via the userid parameter in...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/24 1:48 p.m.9 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization via the doWriteSave process in the UCenter Article Submission Endpoint when handling the id or userId arguments. An attacker can gain unauthorized access to or modify articles by sending crafted requests to the...

6.5CVSS6.6AI score0.00252EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/24 10:45 a.m.14 views

CVE-2026-9376

A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Executing a manipulation of the argument id/userId can lead to improper authorization. The attack may be...

6.5CVSS6.2AI score0.00252EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

JPress 授权问题漏洞

JPress is a blog platform developed using the Java language by the JPress team. Versions of JPress 1.0.3 and earlier contained an authorization vulnerability. This vulnerability stemmed from improper handling of the parameter id/userId in the UCenter Article Submission Endpoint component, which...

6.5CVSS6.7AI score0.00252EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/20 4:13 p.m.7 views

CVE-2026-9087

A flaw was found in Keycloak. The cross-session verification proof is keyed only by local userId, idpAlias and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and get linked to the victim's local account...

8.1CVSS5.8AI score0.00312EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.10 views

PT-2026-44382

Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.1.3 Description An Insecure Direct Object Reference IDOR exists in the Admin API, which allows authenticated administrators to change the password of any user account, including SuperAdmin accounts, without proper...

8.8CVSS5.8AI score0.00303EPSS
Exploits0References6
OSV
OSV
added 2026/05/19 12:31 p.m.6 views

GHSA-RRV7-3MQF-HXFR Keycloak: Information Disclosure via evaluate-scopes Admin API

A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID userId parameter. This vulnerability allows for cross-role personally identifiable information PII leakage,...

4.9CVSS5.9AI score0.00398EPSS
Exploits0References8
NVD
NVD
added 2026/05/17 7:16 a.m.18 views

CVE-2026-8737

A weakness has been identified in Sanluan PublicCMS 5.202506.d. This issue affects the function execute of the file publiccms-trade/src/main/java/com/publiccms/views/directive/trade/TradeAddressListDirective.java of the component Trade Address Query Handler. Executing a manipulation of the argume...

6.9CVSS0.00403EPSS
Exploits0References4
Rows per page
Query Builder