19 matches found

Positive Technologies
added 2026/05/12 12:0 a.m. · 6 views

PT-2026-40291

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL_CLIENT admin command. All users with access to the administration console (which itself requires authorization) could run this command. It would have been correct to allow only users listed in the admin_users...

CVSS 4.3 · AI score 5.8 · EPSS 0.00013
Exploits: 0 · References: 3

Debian CVE
added 2026/05/09 12:43 a.m. · 6 views

CVE-2026-6667

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL_CLIENT admin command. All users with access to the administration console (which itself requires authorization) could run this command. It would have been correct to allow only users listed in the admin_users...

CVSS 4.3 · AI score 5.8 · EPSS 0.00013
Exploits: 0

CNNVD
added 2026/05/09 12:0 a.m. · 6 views

PgBouncer Security Vulnerability

PgBouncer is an open-source, lightweight connection pool for PostgreSQL developed by the PgBouncer community. Prior to version 1.25.2, PgBouncer had a security vulnerability. This vulnerability stemmed from insufficient authorization checks for the KILL_CLIENT management command. As long as users...

CVSS 4.3 · AI score 5.9 · EPSS 0.00013
Exploits: 0 · References: 2

RedhatCVE
added 2026/01/16 12:24 a.m. · 3 views

CVE-2025-70891

A stored cross-site scripting (XSS) vulnerability exists in Phpgurukul Cyber Cafe Management System v1.0 within the user management module. The application does not properly sanitize or encode user-supplied input submitted via the uadd parameter in the add-users.php endpoint. An authenticated...

CVSS 6.1 · AI score 5.8 · EPSS 0.00023
Exploits: 2 · References: 1

EUVD
added 2025/12/12 9:30 a.m. · 1 views

EUVD-2025-203061

The Guest Support plugin for WordPress is vulnerable to User Email Disclosure in versions up to, and including, 1.2.3. This is due to the plugin exposing a public AJAX endpoint that allows anyone to search for and retrieve user email addresses without any authentication or capability checks. This...

CVSS 5.3 · AI score 5.6 · EPSS 0.00097
Exploits: 0 · References: 5

Cvelist
added 2025/12/12 6:32 a.m. · 22 views

CVE-2025-13660 Guest Support <= 1.2.3 - Unauthenticated User Email Disclosure in guest_support_handler AJAX Endpoint

The Guest Support plugin for WordPress is vulnerable to User Email Disclosure in versions up to, and including, 1.2.3. This is due to the plugin exposing a public AJAX endpoint that allows anyone to search for and retrieve user email addresses without any authentication or capability checks. This...

CVSS 5.3 · EPSS 0.00097
Exploits: 0 · References: 4

NVD
added 2025/10/28 3:16 p.m. · 6 views

CVE-2025-34313

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the QUOTAUSERS parameter when creating a user quota rule. When a user adds a new user quota rule the application...

CVSS 5.4 · EPSS 0.00024
Exploits: 0 · References: 3

Vulnrichment
added 2025/10/28 2:32 p.m. · 4 views

CVE-2025-34313 IPFire < v2.29 Stored XSS via User Quota Rule URL Filter

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the QUOTAUSERS parameter when creating a user quota rule. When a user adds a new user quota rule the application...

CVSS 5.1 · AI score 5.5 · EPSS 0.00024
Exploits: 0 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-27376

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.5 · EPSS 0.00122
Exploits: 1 · References: 1

RedhatCVE
added 2025/09/11 12:16 a.m. · 4 views

CVE-2025-57071

Tenda G3 v3.0brV15.11.0.17 was discovered to contain a stack overflow in the vpnUsers parameter in the formAddVpnUsers function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request...

CVSS 7.5 · AI score 7.6 · EPSS 0.00122
Exploits: 1 · References: 1

Vulnrichment
added 2025/09/09 12:0 a.m. · 2 views

CVE-2025-57071

Tenda G3 v3.0brV15.11.0.17 was discovered to contain a stack overflow in the vpnUsers parameter in the formAddVpnUsers function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request...

AI score 7 · EPSS 0.00122
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 3:44 p.m. · 3 views

CVE-2020-9269

SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by exportical.php...

CVSS 9 · AI score 8.2 · EPSS 0.00429
Exploits: 1 · References: 1

RedhatCVE
added 2025/02/05 2:38 a.m. · 13 views

CVE-2024-33974

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Users in '/report/printlogs.php'...

CVSS 9.8 · AI score 9.5 · EPSS 0.00188
Exploits: 0 · References: 1

Positive Technologies
added 2024/09/13 12:0 a.m. · 1 views

PT-2024-39250 · Unknown · Qdocs Smart School Management System

Name of the Vulnerable Software and Affected Versions: QDocs Smart School Management System version 7.0.0 Description: A critical vulnerability was found in the QDocs Smart School Management System. The issue affects an unknown functionality of the file /user/chat/mynewuser of the component Chat...

CVSS 8.8 · AI score 7.2 · EPSS 0.00044
Exploits: 0 · References: 11

CNNVD
added 2024/03/16 12:0 a.m. · 1 views

Online-College-Event-Hall-Reservation-System Security Vulnerability

Online-College-Event-Hall-Reservation-System is an online college event hall reservation system by individual developer Magesh K, designed to automate the hall booking process, eliminate manual logging and increase efficiency. A security vulnerability exists in...

CVSS 6.1 · AI score 6.1 · EPSS 0.00072
Exploits: 0 · References: 4

OSV
added 2018/09/28 12:29 a.m. · 1 views

CVE-2018-17377

SQL Injection exists in the Questions 1.4.3 component for Joomla! via the term, userid, users, or groups parameter...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 2

OSV
added 2018/07/17 2:29 p.m. · 2 views

CVE-2018-13860

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the "/xml/menu/getObjectEditor.xml" URL, using a "?oid=systemSetup&id=0" or "?oid=systemUsers&id=0" GET...

CVSS 7.5 · AI score 5.8 · EPSS 0.00297
Exploits: 0 · References: 2

OSV
added 2018/05/29 7:29 a.m. · 1 views

CVE-2018-11535

An issue was discovered in SITEMAKIN SLAC Site Login and Access Control v1.0. The parameter "myitemsearch" in users.php is exploitable using SQL injection...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 2

Prion
added 2010/02/12 10:30 p.m. · 8 views

SQL injection

Multiple SQL injection vulnerabilities in index.php in Eicra Car Rental-Script, when the pluginid parameter is 4, allow remote attackers to execute arbitrary SQL commands via the (1) users (username) and (2) passwords parameters...

CVSS 7.5 · AI score 9.3 · EPSS 0.00198
Exploits: 1 · References: 2