Lucene search
K

37 matches found

RedhatCVE
RedhatCVE
added 2026/06/10 2:59 a.m.10 views

CVE-2026-36727

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

9.1CVSS5.5AI score0.00364EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 a.m.11 views

CVE-2026-36722

An authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute arbitrary code via uploading a crafted file...

5.4CVSS6AI score0.00217EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 a.m.11 views

CVE-2026-36721

A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

9.8CVSS5.5AI score0.00268EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 a.m.11 views

CVE-2026-36720

Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type...

8.1CVSS5.5AI score0.00248EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 7:17 p.m.14 views

CVE-2026-36727

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

9.1CVSS0.00364EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 7:17 p.m.12 views

CVE-2026-36726

An arbitrary file deletion vulnerability in the /api/delete-temp-license/file endpoint of bookcars v8.3 allows unauthenticated attackers to delete arbitrary files via supplying directory traversal sequences...

5.3CVSS0.00511EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 7:17 p.m.13 views

CVE-2026-36720

Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type...

8.1CVSS0.00248EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 7:17 p.m.16 views

CVE-2026-36721

A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

9.8CVSS0.00268EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 7:17 p.m.12 views

CVE-2026-36723

An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables unauthorized access to...

8.8CVSS0.00998EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 7:17 p.m.11 views

CVE-2026-36722

An authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute arbitrary code via uploading a crafted file...

5.4CVSS0.00217EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 12:0 a.m.15 views

CVE-2026-36720

CVE-2026-36720 describes insecure permissions in bookcars v8.3 that allow an authenticated user to escalate privileges from user to admin by modifying their user type. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) yields a base score of 8.1 ( HIGH ), indicating a high impact on confid...

8.1CVSS5.5AI score0.00248EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 12:0 a.m.34 views

CVE-2026-36726

An arbitrary file deletion vulnerability in the /api/delete-temp-license/file endpoint of bookcars v8.3 allows unauthenticated attackers to delete arbitrary files via supplying directory traversal sequences...

0.00511EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 12:0 a.m.32 views

CVE-2026-36720

Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type...

0.00248EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 12:0 a.m.35 views

CVE-2026-36721

A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

0.00268EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 12:0 a.m.32 views

CVE-2026-36722

An authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute arbitrary code via uploading a crafted file...

0.00217EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 12:0 a.m.33 views

CVE-2026-36723

An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables unauthorized access to...

0.00998EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 12:0 a.m.34 views

CVE-2026-36727

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

0.00364EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 12:0 a.m.8 views

CVE-2026-36723

An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables unauthorized access to...

6.5AI score0.00998EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 12:0 a.m.20 views

CVE-2026-36721

CVE-2026-36721 affects bookcars v8.3. The root cause is a lack of cryptographic signature verification in the validateAccessToken function, which enables attackers to bypass authentication via a forged JWT token. The CVE is rated with a high impact metric (CVSS v3.1: 9.8, Critical) across confide...

9.8CVSS5.5AI score0.00268EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 12:0 a.m.11 views

CVE-2026-36720

Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type...

5.5AI score0.00248EPSS
Exploits0References1
Rows per page
Query Builder