17 matches found
EUVD-2020-17450
Malware in sbrugna...
EUVD-2025-6961
Malicious code in bioql PyPI...
CVE-2024-27779
An insufficient session expiration vulnerability (CWE-613) in FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, 2.1 all versions, 2.0 all versions, 1.2 all...
CVE-2025-3580
An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /api/org/users/ endpoint. The vulnerability can be exploited when: 1. An Organization administrator...
Improper Privilege Management
Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Improper Privilege Management through the API endpoint http://0.0.0.0:8080/api/v1/users/uuidadministrator. An attacker, acting as an admin, can delete other administrators. This action is restricted by the us...
CVE-2024-7039 Improper Privilege Management in open-webui/open-webui
In open-webui/open-webui version v0.3.8, there is an improper privilege management vulnerability. The application allows an attacker, acting as an admin, to delete other administrators via the API endpoint http://0.0.0.0:8080/api/v1/users/uuidadministrator. This action is restricted by the user...
CVE-2024-7039
CVE-2024-7039 affects open-webui/open-webui v0.3.8. Affected component: API-based user management. Root cause: improper privilege management allows an admin to delete other administrators via the endpoint http://0.0.0.0:8080/api/v1/users/{uuid_administrator}, despite UI restrictions. Impact: elev...
PT-2025-12177 · Unknown · Open-Webui
Name of the Vulnerable Software and Affected Versions: open-webui/open-webui version v0.3.8 Description: The application exhibits improper privilege management. An attacker with administrator privileges can delete other administrators by directly accessing the API endpoint...
Pat Infinite Solutions HelpdeskAdvanced Security Vulnerability
Pat Infinite Solutions HelpdeskAdvanced is an automated solution for strategic governance of Service Management activities from Pat Infinite Solutions. A security vulnerability exists in Pat Infinite Solutions HelpdeskAdvanced version 11.0.33 and prior versions that stems from improper access...
PHP Task Management System Security Vulnerability
SourceCodester Task Management System is a task management system. A security vulnerability exists in PHP Task Management System version 1.0, which stems from the deletion of the administrator user function being vulnerable to SQL injection attacks...
Meinberg Funkuhren Meinberg LANTIME-Firmware Security Vulnerability
Meinberg Funkuhren Meinberg LANTIME-Firmware is a ready-to-use network time protocol server from Meinberg Funkuhren, Germany. A security vulnerability exists in Meinberg LANTIME-Firmware, which stems from a problem found in LTOS-Web-Interface. An administrator can delete required user accounts...
PT-2023-11855 · WordPress · Mstore Api
Name of the Vulnerable Software and Affected Versions: MStore API plugin for WordPress versions up to and including 2.1.5 Description: The issue allows for authentication bypass due to unrestricted access to the 'register' and 'update user profile' routes, enabling unauthenticated attackers to...
CVE-2020-22334
Cross Site Request Forgery (CSRF) vulnerability in beescms v4 allows attackers to delete the administrator account via crafted request to /admin/adminadmin.php...
Shopizer Security Feature Issue Vulnerability
Shopizer is a Java-based open source e-commerce solution from the Shopizer team. A security signature issue vulnerability exists in Shopizer versions 2.0 through 2.17.0, which can be exploited by an attacker to cause a regular administrator to permanently delete a super administrator...
CVE-2020-24739
A CSRF vulnerability was found in iCMS v7.0.0 in the background function that deletes administrator accounts. When the CSRFTOKEN is missing, the request is still processed normally, and all administrators except the initial administrator will be deleted...
CVE-2020-24739
CVE-2020-24739 describes a CSRF flaw in iCMS v7.0.0 where, if the CSRF_TOKEN is missing, a background deletion action can delete all administrator accounts except the initial admin. This vulnerability is documented by multiple sources (Red Hat, CNVD, NVD, CVE lists) with the same basic descriptio...
OsCommerce Cross-Site Request Forgery Administrator Deletion
A Cross-Site Request Forgery vulnerability has been reported in OsCommerce Online Merchant platform. Successful exploitation of this vulnerability would allow remote attackers to delete administrator users from the affected system...