Lucene search
K

52 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.12 views

CVE-2026-8046

The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges...

8.1CVSS5.5AI score0.00348EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 8:16 a.m.15 views

CVE-2026-8046

The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges...

8.1CVSS0.00348EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/26 6:45 a.m.45 views

CVE-2026-8046 Incorrect Authorization in CODESYS Control

The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges...

8.1CVSS0.00348EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 6:45 a.m.11 views

EUVD-2026-31799

The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges...

8.1CVSS5.8AI score0.00348EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.13 views

PT-2026-43198

The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges...

8.1CVSS5.8AI score0.00348EPSS
Exploits0References1
NVD
NVD
added 2026/04/16 6:16 a.m.4 views

CVE-2026-3595

The Riaxe Product Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.2. This is due to the plugin registering a REST API route at POST /wp-json/InkXEProductDesignerLite/customer/deletecustomer without a permissioncallback, causing...

5.3CVSS0.00441EPSS
Exploits0References7
NVD
NVD
added 2026/04/05 1:17 p.m.7 views

CVE-2026-5599

A user with API access and "manage users" permission in any venueless world is able to trigger deletion of user accounts in other worlds...

7.3CVSS0.00247EPSS
Exploits0References1
CVE
CVE
added 2026/04/05 12:36 p.m.12 views

CVE-2026-5599

CVE-2026-5599 affects the venueless platform: a user with API access and the "manage users" permission can trigger deletion of user accounts in other worlds. This cross-world impact can compromise account availability and integrity. The CVSS 4.0 base score is 7.3 (HIGH); attack vector is NETWORK ...

7.3CVSS5.9AI score0.00247EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.10 views

venueless 安全漏洞

Venueless is an open-source online activity platform developed by Venueless. There are security vulnerabilities in Venueless, stemming from improper permission management. These vulnerabilities could allow users with API access and the “Manage Users” permission to delete user accounts from other...

7.3CVSS5.8AI score0.00247EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.7 views

CVE-2026-2356

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2 via the 'registermember' function, due to missing validation on the 'memberid' user...

5.3CVSS5.5AI score0.00187EPSS
Exploits0References1
CVE
CVE
added 2026/02/26 2:23 a.m.29 views

CVE-2026-2356

CVE-2026-2356 (User Registration & Membership – WordPress) is a discovered Insecure Direct Object Reference affecting the plugin up to version 5.1.2. The issue arises from missing validation on a user-controlled key (member_id/register_member), enabling unauthenticated deletion of newly created u...

5.3CVSS5.5AI score0.00187EPSS
Exploits0References2
NVD
NVD
added 2026/02/15 4:15 p.m.6 views

CVE-2026-26367

eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user UGUSER to delete arbitrary user accounts, except for the built-in admin account. The application does not enforce...

8.1CVSS0.00373EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/02/15 3:29 p.m.4 views

CVE-2026-26367 JUNG eNet SMART HOME server 2.2.1/2.3.1 Arbitrary User Deletion via deleteUserAccount

eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user UGUSER to delete arbitrary user accounts, except for the built-in admin account. The application does not enforce...

8.1CVSS5.8AI score0.00373EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/02/15 12:0 a.m.7 views

eNet SMART HOME server 安全漏洞

The eNet SMART HOME server is a wireless smart home console developed by the German company eNet. There are security vulnerabilities in the eNet SMART HOME server versions 2.2.1 and 2.3.1. These vulnerabilities stem from the JSON-RPC method used for deleting user accounts, which lacks proper...

8.1CVSS5.9AI score0.00373EPSS
Exploits2References2
OSV
OSV
added 2025/12/22 10:16 p.m.6 views

CVE-2023-53968

Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts...

9.3CVSS5.8AI score0.00555EPSS
Exploits2References5
Cvelist
Cvelist
added 2025/12/22 9:35 p.m.26 views

CVE-2023-53968 Screen SFT DAB 600/C Firmware 1.9.3 Authentication Bypass Erase Account

Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts...

9.8CVSS0.00555EPSS
Exploits2References5
NVD
NVD
added 2025/12/10 9:16 p.m.27 views

CVE-2023-53741

Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without...

8.1CVSS0.00697EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/11/19 12:0 a.m.4 views

CVE-2025-63218

The Axel Technology WOLF1MS and WOLF2MS devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and...

6.7AI score0.0059EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2006-3823

Malware in sbrugna...

5CVSS6.4AI score0.01381EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-30481

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00196EPSS
Exploits0References2
Rows per page
Query Builder