Lucene search
+L

10 matches found

NVD
NVD
added 2026/06/24 9:16 p.m.9 views

CVE-2026-49278

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, in the visitors.info endpoint, https://developer.rocket.chat/apidocs/get-visitor-information-by-id-1, token is returned in the response. It...

6.7CVSS0.00243EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:5 p.m.24 views

CVE-2026-49278 Rocket.Chat: Livechat Visitor Profile Disclosure Leaks Bearer Token and Enables Visitor Impersonation

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, in the visitors.info endpoint, https://developer.rocket.chat/apidocs/get-visitor-information-by-id-1, token is returned in the response. It...

6.7CVSS0.00243EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2013-6053

Malware in sbrugna...

4.3CVSS6.4AI score0.02156EPSS
Exploits2References10
CNVD
CNVD
added 2025/08/29 12:0 a.m.2 views

Apartment Management System visitor_info.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in parameter vid in file /report/visitorinfo.php. An attacker can exploit this...

9.8CVSS7.9AI score0.00387EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/08/27 4:2 a.m.3 views

CVE-2025-9507 itsourcecode Apartment Management System visitor_info.php sql injection

A weakness has been identified in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /report/visitorinfo.php. Executing manipulation of the argument vid can lead to sql injection. The attack can be launched remotely. The exploit has been made available to th...

7.5CVSS7.4AI score0.00387EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/08/27 4:2 a.m.14 views

CVE-2025-9507 itsourcecode Apartment Management System visitor_info.php sql injection

A weakness has been identified in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /report/visitorinfo.php. Executing manipulation of the argument vid can lead to sql injection. The attack can be launched remotely. The exploit has been made available to th...

7.5CVSS0.00387EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/08/27 12:0 a.m.8 views

PT-2025-34830

Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A weakness exists in itsourcecode Apartment Management System 1.0, specifically within an unknown function of the file /report/visitor info.php. Manipulation of the vid argumen...

9.8CVSS7.5AI score0.00387EPSS
Exploits1References10
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.12 views

WordPress WPVisitorInfo – Show Visitor Information & Conditional Data Based On That Information plugin <= 1.0.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WPVisitorInfo – Show Visitor Information & Conditional Data Based On That Information plugin versions = 1.0.0. Solution No patched version available...

4.3AI score
Exploits0References2Affected Software1
NVD
NVD
added 2013/12/10 4:11 p.m.20 views

CVE-2013-6224

Multiple cross-site scripting XSS vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via 1 a name in the call administrator feature, 2 unspecified vectors to the admins visitor information panel, or 3 a text message in a chat session, which i...

4.3CVSS5.6AI score0.02156EPSS
Exploits2References8
Cvelist
Cvelist
added 2013/12/10 4:0 p.m.24 views

CVE-2013-6224

Multiple cross-site scripting XSS vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via 1 a name in the call administrator feature, 2 unspecified vectors to the admins visitor information panel, or 3 a text message in a chat session, which i...

5.6AI score0.02156EPSS
Exploits2References8
Rows per page
Query Builder