Lucene search
+L

249 matches found

RedhatCVE
RedhatCVE
added 2025/07/22 12:1 p.m.15 views

CVE-2025-7886

A vulnerability, which was classified as critical, was found in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. This affects the function getUserLanguage of the file classes/class.database.php. The manipulation of the argument userid leads to sql injection. It...

7.5CVSS7.4AI score0.00376EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/29 12:0 a.m.4 views

SourceCodester Best Salon Management System 注入漏洞

SourceCodester Best Salon Management System is SourceCodester open source a salon management system. SourceCodester Best Salon Management System version 1.0 has an injection vulnerability, the vulnerability stems from the wrong operation of the parameter userid/planid in the file...

8.8CVSS7.1AI score0.00361EPSS
Exploits1References6
OSV
OSV
added 2025/06/23 4:15 a.m.5 views

CVE-2025-6502

A vulnerability has been found in code-projects Inventory Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /phpaction/changePassword.php. The manipulation of the argument userid leads to sql injection. The attack can be initiated remotely. The...

9.8CVSS5.8AI score0.00394EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/06/17 4:31 a.m.24 views

CVE-2025-6160 SourceCodester Client Database Management System user_customer_create_order.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /usercustomercreateorder.php. The manipulation of the argument userid leads to sql injection. The attack may be initiat...

7.5CVSS0.00502EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/23 2:31 a.m.7 views

CVE-2023-1035

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been classified as critical. Affected is an unknown function of the file updateuser.php. The manipulation of the argument userid leads to sql injection. It is possible to launch the attack remotely. The...

8.8CVSS7.4AI score0.007EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:6 a.m.7 views

CVE-2019-13189

In Knowage through 6.1.1, there is XSS via the starturl or userid field to the ChangePwdServlet page...

6.1CVSS5.9AI score0.00943EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:10 p.m.9 views

CVE-2008-7309

Insoshi before 20080920 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the ForumPost userid value via a modified URL, related to a "mass assignment" vulnerability...

5CVSS7AI score0.01065EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.23 views

CVE-2024-7040

...

0.00562EPSS
Exploits0
CVE
CVE
added 2025/03/20 10:9 a.m.51 views

CVE-2024-7040

Open WebUI (open-webui/open-webui) v0.3.8 contains an improper access control vulnerability on the frontend admin page. An administrator can view chats of other administrators by altering the user_id parameter, exposing admin chat logs. The issue is documented in Red Hat’s CVE entry and mirrored ...

5.2AI score0.00562EPSS
Exploits0
OSV
OSV
added 2025/03/20 10:9 a.m.3 views

CVE-2024-7040 Improper Access Control in open-webui/open-webui

In version v0.3.8 of open-webui/open-webui, there is an improper access control vulnerability. On the frontend admin page, administrators are intended to view only the chats of non-admin members. However, by modifying the userid parameter, it is possible to view the chats of any administrator,...

4.9CVSS6AI score0.00562EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/03/02 8:0 p.m.24 views

CVE-2025-1831 zj1983 zz ZorgAction.java GetDBUser sql injection

A vulnerability classified as critical has been found in zj1983 zz up to 2024-8. Affected is the function GetDBUser of the file src/main/java/com/futvan/z/system/zorg/ZorgAction.java. The manipulation of the argument userid leads to sql injection. It is possible to launch the attack remotely. The...

6.5CVSS0.00501EPSS
Exploits1References4
CVE
CVE
added 2025/03/02 8:0 p.m.88 views

CVE-2025-1831

Affects zj1983 zz (versions up to 2024-8). The GetDBUser function in src/main/java/com/futvan/z/system/zorg/ZorgAction.java is vulnerable to SQL injection via the user_id argument. The issue can be exploited remotely, and public disclosure exists. Multiple connected sources (Red Hat, CVE feeds, C...

9.8CVSS6.8AI score0.00501EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2025/01/07 5:15 a.m.17 views

CVE-2024-12124

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-54290. Reason: This candidate is a reservation duplicate of CVE-2024-54290. Notes: All CVE users should reference CVE-2024-54290 instead of this candidate. All references and descriptions in this candidate have been...

Exploits0
Cvelist
Cvelist
added 2025/01/07 4:22 a.m.18 views

CVE-2024-12124

...

Exploits0
Vulnrichment
Vulnrichment
added 2025/01/07 4:22 a.m.8 views

CVE-2024-12124

...

6.3AI score
Exploits0
CVE
CVE
added 2025/01/07 4:22 a.m.71 views

CVE-2024-12124

This CVE-2024-12124 entry is rejected/not used and does not represent an active vulnerability.

6AI score
Exploits0
Github Security Blog
Github Security Blog
added 2024/12/30 3:31 p.m.12 views

TeamPass privileges issue

TeamPass before 3.1.3.1 does not properly prevent a user from acting with the privileges of a different userid...

8.1CVSS6.9AI score0.00452EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2024/12/30 3:15 p.m.20 views

CVE-2024-50703

TeamPass before 3.1.3.1 does not properly prevent a user from acting with the privileges of a different userid...

8.1CVSS0.00452EPSS
Exploits0References3
OSV
OSV
added 2024/11/15 6:15 a.m.5 views

CVE-2024-10793

The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the userid parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...

6.1CVSS7.4AI score0.01293EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/11/15 5:30 a.m.18 views

CVE-2024-10793 WP Activity Log <= 5.2.1 - Unauthenticated Stored Cross-Site Scripting via User_id Parameter

The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the userid parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...

7.2CVSS6.1AI score0.01293EPSS
Exploits1References2
Rows per page
Query Builder