Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
local users vulnerabilities and exploits
(subscribe to this query)
8.8
CVE-2022-3026
The WP Users Exporter plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.2 via the 'Export Users' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into profile...
Wp-users-exporter Project Wp-users-exporter
2 Github repositories available
4.8
CVSSv3
CVE-2021-24782
The Flex Local Fonts WordPress plugin through 1.0.0 does not escape the Class Name field when adding a font, which could allow hight privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed....
Flex Local Fonts Project Flex Local Fonts
4.9
CVSSv3
CVE-2021-27999
A SQL injection vulnerability was discovered in the editid parameter in Local Services Search Engine Management System Project 1.0. This vulnerability gives admin users the ability to dump all data from the database....
Local Services Search Engine Management System Project Local Services Search Engine Management System 1.0
6.1
CVSSv3
CVE-2020-4503
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...
Ibm Planning Analytics Local
5.4
CVSSv3
CVE-2020-4645
IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
Ibm Planning Analytics Local
6.1
CVSSv3
CVE-2018-1676
IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
Ibm Planning Analytics Local
4.3
CVSSv3
CVE-2020-4649
IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privleged users by not invalidating TM1Web user sessions. IBM X-Force ID: 186022....
Ibm Planning Analytics Local
5.4
CVSSv3
CVE-2020-4306
IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
Ibm Planning Analytics Local
7.8
CVSSv3
CVE-2017-11672
The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users to gain privileges....
Opcfoundation Local Discovery Server
5.4
CVSSv3
CVE-2020-4431
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...
Ibm Planning Analytics Local
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48285
CVE-2023-23621
bypass
CVE-2019-25053
file inclusion
CVE-2023-24055
logic flaw
CVE-2023-23560
CVE-2022-48012
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »