52 matches found
CVE-2026-8046
The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges...
CVE-2026-8046
The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges...
CVE-2026-8046 Incorrect Authorization in CODESYS Control
The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges...
EUVD-2026-31799
The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges...
PT-2026-43198
The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges...
CVE-2026-3595
The Riaxe Product Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.2. This is due to the plugin registering a REST API route at POST /wp-json/InkXEProductDesignerLite/customer/deletecustomer without a permissioncallback, causing...
CVE-2026-5599
A user with API access and "manage users" permission in any venueless world is able to trigger deletion of user accounts in other worlds...
CVE-2026-5599
CVE-2026-5599 affects the venueless platform: a user with API access and the "manage users" permission can trigger deletion of user accounts in other worlds. This cross-world impact can compromise account availability and integrity. The CVSS 4.0 base score is 7.3 (HIGH); attack vector is NETWORK ...
venueless 安全漏洞
Venueless is an open-source online activity platform developed by Venueless. There are security vulnerabilities in Venueless, stemming from improper permission management. These vulnerabilities could allow users with API access and the “Manage Users” permission to delete user accounts from other...
CVE-2026-2356
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2 via the 'registermember' function, due to missing validation on the 'memberid' user...
CVE-2026-2356
CVE-2026-2356 (User Registration & Membership – WordPress) is a discovered Insecure Direct Object Reference affecting the plugin up to version 5.1.2. The issue arises from missing validation on a user-controlled key (member_id/register_member), enabling unauthenticated deletion of newly created u...
CVE-2026-26367
eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user UGUSER to delete arbitrary user accounts, except for the built-in admin account. The application does not enforce...
CVE-2026-26367 JUNG eNet SMART HOME server 2.2.1/2.3.1 Arbitrary User Deletion via deleteUserAccount
eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user UGUSER to delete arbitrary user accounts, except for the built-in admin account. The application does not enforce...
eNet SMART HOME server 安全漏洞
The eNet SMART HOME server is a wireless smart home console developed by the German company eNet. There are security vulnerabilities in the eNet SMART HOME server versions 2.2.1 and 2.3.1. These vulnerabilities stem from the JSON-RPC method used for deleting user accounts, which lacks proper...
CVE-2023-53968
Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts...
CVE-2023-53968 Screen SFT DAB 600/C Firmware 1.9.3 Authentication Bypass Erase Account
Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts...
CVE-2023-53741
Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without...
CVE-2025-63218
The Axel Technology WOLF1MS and WOLF2MS devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and...
EUVD-2006-3823
Malware in sbrugna...
EUVD-2025-30481
Malicious code in bioql PyPI...