Lucene search

53 matches found

NVD
added 4 days ago | 10 views

CVE-2026-58054

MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when creating or editing users; the user module offers the Administrators group (gid 4) and its datahandler's verify_usergroup() unconditionally returns true. An admin holding only the delegated user-management...

CVSS: 8.6 | EPSS: 0.00272
Exploits: 0 | References: 2
EUVD
added 4 days ago | 8 views

EUVD-2026-39974

MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when creating or editing users; the user module offers the Administrators group (gid 4) and its datahandler's verify_usergroup() unconditionally returns true. An admin holding only the delegated user-management...

CVSS: 8.6 | AI score: 5.8 | EPSS: 0.00272
Exploits: 0 | References: 2
Cvelist
added 4 days ago | 32 views

CVE-2026-58054 MyBB - Privilege Escalation from Limited ACP User Management to Administrator

MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when creating or editing users; the user module offers the Administrators group (gid 4) and its datahandler's verify_usergroup() unconditionally returns true. An admin holding only the delegated user-management...

CVSS: 8.6 | EPSS: 0.00272
Exploits: 0 | References: 2
CVE
added 4 days ago | 26 views

CVE-2026-58054

MyBB 1.8.40 is affected: the limited Admin Control Panel user management can assign the Administrators group (gid 4) because verify_usergroup() unconditionally returns true. This enables escalation from delegated user-management to full Administrator permissions. The issue comes from the user mod...

CVSS: 8.6 | AI score: 5.8 | EPSS: 0.00272
Exploits: 0 | References: 2
Positive Technologies
added 4 days ago | 8 views

PT-2026-53086

Name of the Vulnerable Software and Affected Versions: MyBB version 1.8.40 Description: An issue exists where users with limited Admin Control Panel (ACP) access can assign any usergroup to an account during creation or editing. This occurs because the verify_usergroup function in the user module...

CVSS: 8.6 | AI score: 5.8 | EPSS: 0.00272
Exploits: 0 | References: 8
RedhatCVE
added 2026/06/05 7:11 p.m. | 11 views

CVE-2026-44224

Wiki.js is an open source wiki app built on Node.js. Prior to 2.5.313, the users.update GraphQL mutation accepts an arbitrary groups array and applies it directly to the database with no validation of the group IDs supplied. The resolver passes the caller's arguments straight to the model without...

CVSS: 8.8 | AI score: 5.5 | EPSS: 0.00379
Exploits: 1 | References: 1
NVD
added 2026/05/12 9:16 p.m. | 10 views

CVE-2026-44224

Wiki.js is an open source wiki app built on Node.js. Prior to 2.5.313, the users.update GraphQL mutation accepts an arbitrary groups array and applies it directly to the database with no validation of the group IDs supplied. The resolver passes the caller's arguments straight to the model without...

CVSS: 8.8 | EPSS: 0.00379
Exploits: 1 | References: 1
Cvelist
added 2026/05/12 8:33 p.m. | 45 views

CVE-2026-44224 Wiki.js: Privilege Escalation via Missing Group Validation in users.update

Wiki.js is an open source wiki app built on Node.js. Prior to 2.5.313, the users.update GraphQL mutation accepts an arbitrary groups array and applies it directly to the database with no validation of the group IDs supplied. The resolver passes the caller's arguments straight to the model without...

CVSS: 8.6 | EPSS: 0.00379
Exploits: 1 | References: 1
OSV
added 2026/03/11 2:54 p.m. | 5 views

GHSA-RHCG-3H8R-V6VP Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks

Description: A privilege escalation vulnerability has been identified in Umbraco CMS. Under certain conditions, authenticated backoffice users with permission to manage users may be able to elevate their privileges due to insufficient authorization enforcement when modifying user group membership...

CVSS: 7.2 | AI score: 5.7 | EPSS: 0.00257
Exploits: 0 | References: 3
NVD
added 2026/02/12 8:16 p.m. | 56 views

CVE-2019-25344

Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators...

CVSS: 8.5 | EPSS: 0.00162
Exploits: 1 | References: 4
RedhatCVE
added 2025/11/20 9:36 p.m. | 8 views

CVE-2025-65094

WBCE CMS is a content management system. Prior to version 1.6.4, a low-privileged user in WBCE CMS can escalate their privileges to the Administrators group by manipulating the groups parameter in the /admin/users/save.php request. The UI restricts users to assigning only their existing group, bu...

CVSS: 8.8 | AI score: 6.9 | EPSS: 0.00331
Exploits: 3 | References: 1
Vulnrichment
added 2025/11/19 7:6 p.m. | 4 views

CVE-2025-65094 WBCE CMS is Vulnerable to Privilege Escalation via Group ID Manipulation (IDOR)

WBCE CMS is a content management system. Prior to version 1.6.4, a low-privileged user in WBCE CMS can escalate their privileges to the Administrators group by manipulating the groups parameter in the /admin/users/save.php request. The UI restricts users to assigning only their existing group, bu...

CVSS: 8.7 | AI score: 6.6 | EPSS: 0.00331
Exploits: 3 | References: 2
CNNVD
added 2024/05/14 12:0 a.m. | 3 views

Siemens Multiple Products Security Vulnerability

SIMATIC RTLS Locating Manager is used to configure, operate and maintain the SIMATIC RTLS unit, a real-time wireless positioning system that provides locating solutions. Siemens SIMATIC RTLS Locating Manager suffers from an incorrect assignment of critical resource privileges vulnerability, which...

CVSS: 9.4 | AI score: 6.8 | EPSS: 0.00458
Exploits: 0 | References: 3
Akamai Blog
added 2024/03/20 2:0 p.m. | 28 views

Abusing the DHCP Administrators Group to Escalate Privileges in Windows Domains

...

AI score: 7.3
Exploits: 0
Positive Technologies
added 2022/10/27 12:0 a.m. | 7 views

PT-2022-26026 · Delta Electronics · Infrasuite Device Master

Name of the Vulnerable Software and Affected Versions: Delta Electronics InfraSuite Device Master versions 00.00.01a and prior Description: The issue concerns a lack of proper authentication for functions that create and modify user groups. An attacker could exploit this by providing malicious...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.0064
Exploits: 0 | References: 4
CNNVD
added 2022/10/25 12:0 a.m. | 5 views

Delta Electronics InfraSuite Device Master Access Control Error Vulnerability

Delta Electronics InfraSuite Device Master is used to simplify and automate critical device monitoring by Delta Electronics of Taiwan, China. An access control error vulnerability exists in versions prior to Delta Electronics InfraSuite Device Master 00.00.01a, which stems from a lack of proper...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.0064
Exploits: 0 | References: 4
OSV
added 2022/10/21 2:15 p.m. | 6 views

CVE-2022-43400

A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 All versions V22.2a 80. The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allow an unauthenticated remot...

CVSS: 9.8 | AI score: 5.7 | EPSS: 0.00883
Exploits: 0 | References: 1
Prion
added 2022/10/21 2:15 p.m. | 20 views

Design/Logic Flaw

A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 All versions V22.2a 80. The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allow an unauthenticated remot...

CVSS: 7.5 | AI score: 9.2 | EPSS: 0.00883
Exploits: 0 | References: 1 | Affected Software: 1
CNVD
added 2022/10/21 12:0 a.m. | 22 views

Siemens Siveillance Video Mobile Server Authentication Bypass Vulnerability

Siveillance Video, formerly known as SiveillanceVMS, is a utility IP video management software for deployments ranging from small and simple to large and highly secure. An authentication bypass vulnerability exists in Siemens Siveillance Video Mobile Server due to the mobile server component of the...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.00883
Exploits: 0 | References: 1
Cvelist
added 2022/10/21 12:0 a.m. | 22 views

CVE-2022-43400

A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 All versions V22.2a 80. The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allow an unauthenticated remot...

AI score: 9.4 | EPSS: 0.00883
Exploits: 0 | References: 1