Lucene search
+L

23 matches found

Cvelist
Cvelist
added 3 hours ago7 views

CVE-2026-48008 Shopware: Privilege Escalation via Sync API Integration Admin Flag Bypass

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, a non-admin API user with integration:create ACL privilege can escalate to full administrator by creating an integration with admin: true through the Sync API POST /api/action/sync; the regular integration endpoint POST...

6.5CVSS0.00034EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 3 hours ago3 views

CVE-2026-48008 Shopware: Privilege Escalation via Sync API Integration Admin Flag Bypass

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, a non-admin API user with integration:create ACL privilege can escalate to full administrator by creating an integration with admin: true through the Sync API POST /api/action/sync; the regular integration endpoint POST...

6.5CVSS5.3AI score0.00034EPSS
Exploits0References5
CVE
CVE
added 3 hours ago20 views

CVE-2026-48008

Shopware vulnerability CVE-2026-48008 describes privilege escalation via the Sync API. A non-admin API user with integration:create can set admin: true when creating an integration through POST /api/_action/sync, bypassing the normal admin-check that blocks admin flag on POST /api/integration. Th...

6.5CVSS5.4AI score0.00034EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/26 6:56 p.m.8 views

CVE-2026-52784

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a CSRF on TARGET through /users/:id via POST parameter "useradmin". This vulnerability is fixed in 17.3.3 and 17.4.1...

8.8CVSS5.8AI score0.00163EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/12 3:54 p.m.4 views

CVE-2026-7387 Mattermost group syncable endpoints allow privilege escalation via scheme_admin

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Mattermost fails to require role-management authorization when setting the schemeadmin flag on group syncable link and patch endpoints, which allows a user with group-link permissions to escalate themselv...

8.8CVSS6AI score0.00298EPSS
Exploits0References3
OSV
OSV
added 2026/06/04 7:28 p.m.9 views

GHSA-V39M-97P8-GQG7 Shopware: Privilege escalation: non-admin user with user:create ACL can create admin accounts

UserController::upsertUser writes user data in SYSTEMSCOPE and does not filter the admin field. A non-admin API user with user:create or user:update ACL permission can set admin: true on new or existing users, escalating to full admin access. The Problem In...

6.5CVSS5.8AI score0.00034EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/04 7:28 p.m.20 views

Shopware: Privilege escalation: non-admin user with user:create ACL can create admin accounts

UserController::upsertUser writes user data in SYSTEMSCOPE and does not filter the admin field. A non-admin API user with user:create or user:update ACL permission can set admin: true on new or existing users, escalating to full admin access. The Problem In...

6.5CVSS5.8AI score0.00034EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/06/04 7:23 p.m.17 views

Shopware: Privilege Escalation via Sync API Integration Admin Flag Bypass

Summary A non-admin API user with integration:create ACL privilege can escalate to full administrator by creating an integration with admin: true through the Sync API POST /api/action/sync. The regular integration endpoint POST /api/integration correctly blocks this, but the Sync API bypasses the...

6.5CVSS5.9AI score0.00034EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2026/06/04 7:23 p.m.12 views

GHSA-GV8P-48FR-4FXG Shopware: Privilege Escalation via Sync API Integration Admin Flag Bypass

Summary A non-admin API user with integration:create ACL privilege can escalate to full administrator by creating an integration with admin: true through the Sync API POST /api/action/sync. The regular integration endpoint POST /api/integration correctly blocks this, but the Sync API bypasses the...

6.5CVSS5.9AI score0.00034EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/05/25 8:14 a.m.126 views

Exploit for Prototype Pollution in Substack Minimist

CVE-2020-7598 - Prototype Pollution in minimist Disclaimer...

6.8CVSS6.1AI score0.01884EPSS
Exploits2
OSV
OSV
added 2026/05/14 6:46 p.m.3 views

CVE-2026-44633 Live Helper Chat: REST API chat update accepts arbitrary chat fields across department boundaries

Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in a department they cannot read. The endpoint accepts arbitrary chat object fields, so the user can...

8.1CVSS6.1AI score0.0027EPSS
Exploits0References3
CVE
CVE
added 2026/05/09 7:9 p.m.16 views

CVE-2026-42562

Plainpad (self-hosted note-taking app) is affected prior to version 1.1.1. A low-privilege, authenticated user can escalate to administrator by submitting admin=true in PUT /api.php/v1/users/{id}; the endpoint stores the admin attribute from user input, allowing immediate access to admin-only rou...

8.3CVSS5.7AI score0.00261EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/05/06 8:21 a.m.5 views

kernel: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an invalid queue ID 0xFFFF, s...

7.8CVSS5.7AI score0.00262EPSS
Exploits0References5
OSV
OSV
added 2026/04/18 12:5 a.m.3 views

CVE-2026-40349 Authenticated Movary User Can Self-Escalate to Administrator via PUT /settings/users/{userId} by Setting isAdmin=true

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can escalate their own account to administrator by sending isAdmin=true to PUT /settings/users/userId for their own user ID. The endpoint is intended to let a user ed...

8.8CVSS5.9AI score0.0053EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/02/26 12:50 a.m.27 views

CVE-2026-27899 WireGuard Portal Vulnerable to Privilege Escalation to Admin via User Self-Update

WireGuard Portal or wg-portal is a web-based configuration portal for WireGuard server management. Prior to version 2.1.3, any authenticated non-admin user can become a full administrator by sending a single PUT request to their own user profile endpoint with "IsAdmin": true in the JSON body. Aft...

8.8CVSS0.00306EPSS
Exploits0References1
NVD
NVD
added 2025/11/26 7:15 p.m.12 views

CVE-2025-66028

OneUptime is a solution for monitoring and managing online services. Prior to version 8.0.5567, OneUptime is vulnerable to privilege escalation via Login Response Manipulation. During the login process, the server response included a parameter called isMasterAdmin. By intercepting and modifying...

8.2CVSS0.0027EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/11/26 6:11 p.m.4 views

CVE-2025-66028 OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation

OneUptime is a solution for monitoring and managing online services. Prior to version 8.0.5567, OneUptime is vulnerable to privilege escalation via Login Response Manipulation. During the login process, the server response included a parameter called isMasterAdmin. By intercepting and modifying...

6.9CVSS6.9AI score0.0027EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-30245

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00222EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/09/19 12:0 a.m.2 views

CVE-2025-57396

Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is vulnerable to privilege escalation. This is due to the rework of the API, which resulted in the User Profile API Endpoint containing two boolean values indicating whether a user is staff or administrative. Consequently, any user can escala...

6.8AI score0.00222EPSS
Exploits1References1
OSV
OSV
added 2021/12/27 10:15 p.m.4 views

CVE-2021-45896

Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via isctcadmin=1 to loginwebapp.cgi and use of Import Config File...

8.8CVSS5.8AI score0.01583EPSS
Exploits1References2
Rows per page
Query Builder