CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

9.8CVSS9.2AI score0.00264EPSS

EUVD-2020-22921

Malware in sbrugna...

9.8CVSS9.2AI score0.00307EPSS

EUVD-2020-22920

Malware in sbrugna...

9.8CVSS9.2AI score0.00264EPSS

EUVD-2020-22923

Malware in sbrugna...

9.8CVSS9.2AI score0.00264EPSS

EUVD-2020-22922

Malware in sbrugna...

Packet Storm•added 2025/07/08 12:0 a.m.•332 views

📄 MikroTik RouterOS Cross Site Scripting

A reflected cross site scripting vulnerability exists in MikroTik RouterOS versions prior to version 7, specifically in the UserManager web interface. This flaw can be exploited by unauthenticated attackers, allowing JavaScript injection via a specially crafted URL without requiring a valid login...

6.6AI score

RedhatCVE•added 2025/05/22 4:37 p.m.•7 views

CVE-2020-35245

Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::addUser...

9.8CVSS8AI score0.00264EPSS

RedhatCVE•added 2025/05/22 4:24 p.m.•4 views

CVE-2020-35242

Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserTeamInfoInDbAndMemory...

9.8CVSS8AI score0.00307EPSS

RedhatCVE•added 2025/05/22 3:31 p.m.•2 views

CVE-2020-35244

Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup...

9.8CVSS8AI score0.00264EPSS

RedhatCVE•added 2025/05/22 3:30 p.m.•3 views

CVE-2020-35243

Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserInfoInDb...

9.8CVSS8AI score0.00264EPSS

0day.today•added 2024/10/30 12:0 a.m.•166 views

ABB Cylon Aspect 3.08.01 jsonProxy.php Username Enumeration Vulnerability

ABB Cylon Aspect version 3.08.01 is vulnerable to username enumeration in the jsonProxy.php endpoint. An unauthenticated attacker can interact with the UserManager servlet to enumerate valid usernames on the system. Since jsonProxy.php proxies requests to internal services without requiring...

7.5AI score

Packet Storm•added 2024/10/30 12:0 a.m.•183 views

ABB Cylon Aspect 3.08.01 jsonProxy.php Username Enumeration

ABB Cylon Aspect 3.08.01 jsonProxy.php Username Enumeration Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy management and...

7.4AI score

Citrix•added 2024/01/09 12:0 a.m.•4 views

Issues identified on devices running Android 14 that impact restrictions set by SecureHub.

On Android 14, some admin-set UserManager restrictions may be permanently applied on reboot, preventing SecureHub from effectively un-setting those restrictions. Affected settings are in Appendix A 2. On the upgrade from Android 13 to Android 14, some admin-set UserManager restrictions may be...

7.3AI score

OSV•added 2023/07/01 12:0 a.m.•18 views

ASB-A-217981062

In multiple functions of OneTimePermissionUserManager.java, there is a possible one-time permission retention due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.7AI score0.00003EPSS

Exploits0References2

NVD•added 2022/09/15 1:15 p.m.•6 views

CVE-2021-44076

An issue was discovered in CrushFTP 9. The creation of a new user through the /WebInterface/UserManager/ interface allows an attacker, with access to the administration panel, to perform Stored Cross-Site Scripting XSS. The payload can be executed in multiple scenarios, for example when the user'...

4.8CVSS0.00562EPSS

Cvelist•added 2022/09/15 12:35 p.m.•11 views

CVE-2021-44076

5.2AI score0.00562EPSS