
15 matches found

Cvelist
added 2026/05/30 2:55 p.m. · 30 views

CVE-2018-25420 AiOPMSD Final 1.0.0 SQL Injection via watch.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to watch.php with crafted SQL payloads to extract sensitive database informati...

8.8 CVSS · 0.0027 EPSS
Exploits 0 · References 4
CNNVD
added 2026/05/30 12:0 a.m. · 9 views

AiOPMSD Final SQL Injection Vulnerability

AiOPMSD Final is a video stream download tool developed by AiOPMSD Corporation. Version 1.0.0 of AiOPMSD Final contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the id parameter, potentially allowing unauthenticated attackers to execute...

8.8 CVSS · 6.2 AI score · 0.0027 EPSS
Exploits 0 · References 4
CVE
added 2026/02/19 12:0 a.m. · 9 views

CVE-2026-26744

FormaLMS version 4.1.18 and earlier is affected. A user enumeration flaw exists in the password recovery endpoint (/lostpwd) where responses differ between valid and invalid usernames, allowing unauthenticated attackers to determine registered usernames. Impact is limited to information disclosur...

5.3 CVSS · 5.5 AI score · 0.00293 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2025/11/05 10:49 p.m. · 19 views

MGASA-2025-0260 Updated mediawiki packages fix security vulnerabilities

i18n XSS vulnerability in HTMLMultiSelectField when sections are used. CVE-2025-3469 "reupload-own" restriction can be bypassed by reverting file. CVE-2025-32696 Cascading protection is not preventing file reversions. CVE-2025-32697 LogPager.php: Restriction enforcer functions do not correctly...

6.9 CVSS · 5.4 AI score · 0.00387 EPSS
Exploits 0 · References 6
CNNVD
added 2025/01/11 12:0 a.m. · 4 views

Palo Alto Networks Expedition Security Vulnerability

Palo Alto Networks Expedition is a network security appliance used to provide firewall, intrusion detection, and prevention. The Palo Alto Networks Expedition suffers from a command injection vulnerability that can be exploited by an attacker to run arbitrary operating system commands, which can...

7.7 CVSS · 7.4 AI score · 0.77653 EPSS
Exploits 0 · References 1
CNNVD
added 2024/09/04 12:0 a.m. · 4 views

Ethyca Fides Security Vulnerability

Ethyca Fides is an open source privacy engineering platform from Ethyca, Inc. for managing the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A security vulnerability exists in Ethyca Fides versions prior to 2.44.0. An attack...

5.3 CVSS · 6.3 AI score · 0.00552 EPSS
Exploits 1 · References 3
CNNVD
added 2024/08/02 12:0 a.m. · 3 views

FOGProject Security Vulnerability

FOGProject is a free open source network computer cloning and management solution from FOGProject Open Source. It can be used to deploy and manage any desktop operating system. A security vulnerability exists in FOGProject version 1.5.10.41.2, which stems from the potential disclosure of AD...

9.3 CVSS · 6.5 AI score · 0.00587 EPSS
Exploits 1 · References 2
Prion
added 2023/05/15 11:15 a.m. · 16 views

Code injection

Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames via analysis of source code...

5 CVSS · 5.4 AI score · 0.00785 EPSS
Exploits 0 · References 3 · Affected Software 7
Vulnrichment
added 2023/04/15 3:17 p.m. · 10 views

CVE-2023-29203 Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm

XWiki Commons are technical libraries common to several other top level XWiki projects. It's possible to list some users who are normally not viewable from subwiki by requesting users on a subwiki which allows only global users with uorgsuggest.vm. This issue only concerns hidden users from main...

3.7 CVSS · 5.2 AI score · 0.00693 EPSS
Exploits 1 · References 3
CNNVD
added 2022/12/09 12:0 a.m. · 6 views

Broadcom Brocade SANnav Log Information Disclosure Vulnerability

Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom USA. A security vulnerability exists in Broadcom Brocade SANnav versions prior to v2.2.1, which originates from logging usernames and encoded passwords in debug-enabled logs, and can be exploited by an attacker to read...

5.5 CVSS · 5.4 AI score · 0.00461 EPSS
Exploits 0 · References 2
Hacker One
added 2022/10/14 1:29 p.m. · 213 views

MTN Group: Wordpress users Disclosure [ /wp-json/wp/v2/users/ ]

Summary: Using REST API, we can see all the WordPress users/author with some of their information. Which can even be Personal information of employees/author. The file v2/users at: https://www.mtn.com/wp-json/wp/v2/users/ is enabled and this gives the attacker many user names like: Amogelang...

6.8 AI score
Exploits 0
Positive Technologies
added 2022/07/29 12:0 a.m. · 8 views

PT-2022-16766 · WordPress · Transposh Wordpress Translation Plugin

Name of the Vulnerable Software and Affected Versions: Transposh WordPress Translation plugin versions up to, and including, 1.0.8.1 Description: The issue is related to insufficient permissions checking on the 'tp history' AJAX action and insufficient restriction on the data returned in the...

5.3 CVSS · 4.9 AI score · 0.02936 EPSS
Exploits 4 · References 9
ATTACKERKB
added 2021/08/11 9:15 p.m. · 3 views

CVE-2017-16629

In SapphireIMS 40971, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an error "The application failed to identify the user. Please contact administrator for help." For...

7.5 CVSS · 5.5 AI score · 0.01168 EPSS
Exploits 0 · References 3
NVD
added 2020/12/30 8:15 p.m. · 23 views

CVE-2019-12953

Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599...

5.3 CVSS · 5.1 AI score · 0.01179 EPSS
Exploits 0 · References 1
Hacker One
added 2020/07/25 3:48 p.m. · 2081 views

GSA Bounty: Wordpress Users Disclosure (/wp-json/wp/v2/users/) on data.gov

Summary: Hello TTS Bug bounty team! I have found data.gov User/admin usernames disclosed. Using REST API, we can see all the WordPress users/author with some of their information. Steps To Reproduce: You can find the information disclosure by going to data.gov/wp-json/wp/v2/users/ Supporting Vide...

6.8 AI score
Exploits 0