Lucene search
K

37 matches found

RedhatCVE
RedhatCVE
added 2026/06/10 2:59 a.m.9 views

CVE-2026-36727

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

9.1CVSS5.5AI score0.00364EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 a.m.10 views

CVE-2026-36721

A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

9.8CVSS5.5AI score0.00268EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 a.m.10 views

CVE-2026-36722

An authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute arbitrary code via uploading a crafted file...

5.4CVSS6AI score0.00217EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 a.m.8 views

CVE-2026-36720

Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type...

8.1CVSS5.5AI score0.00248EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 7:17 p.m.12 views

CVE-2026-36727

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

9.1CVSS0.00364EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 7:17 p.m.11 views

CVE-2026-36726

An arbitrary file deletion vulnerability in the /api/delete-temp-license/file endpoint of bookcars v8.3 allows unauthenticated attackers to delete arbitrary files via supplying directory traversal sequences...

5.3CVSS0.00511EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 7:17 p.m.10 views

CVE-2026-36723

An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables unauthorized access to...

8.8CVSS0.00998EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 7:17 p.m.15 views

CVE-2026-36721

A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

9.8CVSS0.00268EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 7:17 p.m.12 views

CVE-2026-36720

Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type...

8.1CVSS0.00248EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 7:17 p.m.10 views

CVE-2026-36722

An authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute arbitrary code via uploading a crafted file...

5.4CVSS0.00217EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 12:0 a.m.32 views

CVE-2026-36726

An arbitrary file deletion vulnerability in the /api/delete-temp-license/file endpoint of bookcars v8.3 allows unauthenticated attackers to delete arbitrary files via supplying directory traversal sequences...

0.00511EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 12:0 a.m.32 views

CVE-2026-36727

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

0.00364EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 12:0 a.m.20 views

CVE-2026-36727

CVE-2026-36727 affects bookcars version 8.3. An insecure authentication vulnerability exists in the /api/social-sign-in endpoint that allows bypassing authentication by forged JWT tokens. The issue is documented across multiple feeds (NVD, Red Hat, CVE records) with no explicit exploit details or...

9.1CVSS5.5AI score0.00364EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 12:0 a.m.7 views

CVE-2026-36727

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

5.5AI score0.00364EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 12:0 a.m.7 views

CVE-2026-36721

A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

5.5AI score0.00268EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-48167

Name of the Vulnerable Software and Affected Versions bookcars version 8.3 Description A lack of cryptographic signature verification in the validateAccessToken function allows attackers to bypass authentication by using a forged JSON Web Token JWT, which is a compact, URL-safe means of...

9.8CVSS5.2AI score0.00268EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.12 views

PT-2026-48168

An authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute arbitrary code via uploading a crafted file...

6AI score0.00217EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

bookcars 安全漏洞

BookCars is a car rental management platform developed by Akram El Assas. Version 8.3 of BookCars contains a security vulnerability. This vulnerability stems from the/api/create-car-image component, which has a vulnerability related to arbitrary file uploads. This could allow attackers to execute...

5.4CVSS5.9AI score0.00217EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.12 views

bookcars 安全漏洞

Bookcars is a car rental management platform developed by Akram El Assas. Version 8.3 of Bookcars contains a security vulnerability. This vulnerability stems from the /api/delete-temp-license/file endpoint, where there is an arbitrary file deletion vulnerability. This could allow unauthenticated...

5.3CVSS5.5AI score0.00511EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.10 views

bookcars 安全漏洞

Bookcars is a car rental management platform developed by Akram El Assas. Version 8.3 of Bookcars contains a security vulnerability. This vulnerability stems from the/api/create-user component, which has an unlimited file renaming vulnerability. This could allow authenticated attackers to use...

8.8CVSS6.2AI score0.00998EPSS
Exploits0References1
Rows per page
Query Builder