Lucene search
+L

330 matches found

NVD
NVD
added 9 hours ago5 views

CVE-2026-63825

In the Linux kernel, the following vulnerability has been resolved: gcov: use atomic counter updates to fix concurrent access crashes GCC's GCOV instrumentation can merge global branch counters with loop induction variables as an optimization. In inflatefast, the inner copy loops get transformed ...

Exploits0References3
ATTACKERKB
ATTACKERKB
added 9 hours ago4 views

CVE-2026-63825

In the Linux kernel, the following vulnerability has been resolved: gcov: use atomic counter updates to fix concurrent access crashes GCC's GCOV instrumentation can merge global branch counters with loop induction variables as an optimization. In inflatefast, the inner copy loops get transformed ...

5.7AI score
Exploits0References4
EUVD
EUVD
added 9 hours ago3 views

EUVD-2026-45491

In the Linux kernel, the following vulnerability has been resolved: gcov: use atomic counter updates to fix concurrent access crashes GCC's GCOV instrumentation can merge global branch counters with loop induction variables as an optimization. In inflatefast, the inner copy loops get transformed ...

5.7AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 21 hours ago6 views

PT-2026-61141

In the Linux kernel, the following vulnerability has been resolved: gcov: use atomic counter updates to fix concurrent access crashes GCC's GCOV instrumentation can merge global branch counters with loop induction variables as an optimization. In inflate fast, the inner copy loops get transformed...

5.7AI score
Exploits0References4
NVD
NVD
added 3 days ago9 views

CVE-2026-13741

The Digits: WordPress Mobile Number Signup and Login plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 9.1.0.5. This is due to missing authorization and role validation in the digupdatewpwccustomfields function. This makes it possible for authenticat...

8.8CVSS0.00246EPSS
Exploits0References2
CVE
CVE
added 3 days ago15 views

CVE-2026-13741

The CVE-2026-13741 entry concerns the Digits: WordPress Mobile Number Signup and Login plugin for WordPress, vulnerable in all versions up to and including 9.1.0.5. The root cause is missing authorization and role validation in the dig_update_wpwc_custom_fields() function, allowing authenticated ...

8.8CVSS6AI score0.00246EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago37 views

CVE-2026-13741 Digits: WordPress Mobile Number Signup and Login <= 9.1.0.5 - Authenticated (Subscriber+) Privilege Escalation via 'digits_reg_userrole' Parameter

The Digits: WordPress Mobile Number Signup and Login plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 9.1.0.5. This is due to missing authorization and role validation in the digupdatewpwccustomfields function. This makes it possible for authenticat...

8.8CVSS0.00246EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-44897

The Digits: WordPress Mobile Number Signup and Login plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 9.1.0.5. This is due to missing authorization and role validation in the digupdatewpwccustomfields function. This makes it possible for authenticat...

8.8CVSS6AI score0.00246EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-12525 Redux Framework < 4.5.13 - Subscriber+ Privilege Escalation to Administrator

The Redux Framework WordPress plugin before 4.5.13 does not restrict which user meta keys can be written when saving custom profile fields, allowing users with at least the Subscriber role to escalate their privileges to Administrator by submitting a crafted value while updating their own profile...

0.00237EPSS
Exploits0References1
CVE
CVE
added 3 days ago12 views

CVE-2026-12525

CVE-2026-12525 affects the Redux Framework WordPress plugin prior to 4.5.13. The vulnerability arises because the plugin does not restrict which user_meta keys can be written when saving custom profile fields, enabling users with at least the Subscriber role to escalate to Administrator while upd...

8.8CVSS6.1AI score0.00237EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 6:16 p.m.11 views

CVE-2026-57945

PhotoPrism before 260601-a7d098548 contains a broken access control vulnerability that allows authenticated non-admin users to modify other users' profile information by sending requests to arbitrary user endpoints. Attackers can exploit the missing session-to-user identifier validation in the PU...

5.3CVSS0.0019EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/09 2:58 a.m.17 views

CVE-2026-11476

A security vulnerability has been detected in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this issue is the function edit-admin of the file controllers/AdminController.php of the component Profile Update Endpoint. The manipulation of the argument...

6.5CVSS6.1AI score0.00209EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/08 1:30 a.m.13 views

CVE-2026-11476

A security vulnerability has been detected in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this issue is the function edit-admin of the file controllers/AdminController.php of the component Profile Update Endpoint. The manipulation of the argument...

6.5CVSS6.1AI score0.00209EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/08 1:30 a.m.10 views

CVE-2026-11476 Kushan2k student-management-system Profile Update Endpoint AdminController.php edit-admin improper authorization

A security vulnerability has been detected in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this issue is the function edit-admin of the file controllers/AdminController.php of the component Profile Update Endpoint. The manipulation of the argument...

6.5CVSS6.1AI score0.00209EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/08 1:30 a.m.52 views

CVE-2026-11476 Kushan2k student-management-system Profile Update Endpoint AdminController.php edit-admin improper authorization

A security vulnerability has been detected in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this issue is the function edit-admin of the file controllers/AdminController.php of the component Profile Update Endpoint. The manipulation of the argument...

6.5CVSS0.00209EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.10 views

CVE-2026-9224

Missing authorization in the user profile update feature in Devolutions Server allows an authenticated Active Directory user to modify their own profile attributes via a crafted API request. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions Server 2025.3.20.0 and...

4.3CVSS5.4AI score0.00152EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.13 views

CVE-2026-5779

An insecure direct object reference IDOR vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the information of other registered users. Successful exploitation of this vulnerability allows an...

9.4CVSS5.5AI score0.00252EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:15 a.m.16 views

CVE-2026-9417

A vulnerability was detected in code-projects Employee Management System 1.0. Affected is an unknown function of the file /myprofileup.php. Performing a manipulation of the argument ID results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public an...

5.3CVSS4.3AI score0.00263EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.14 views

Code-Projects Employee Management System 代码注入漏洞

Code-Projects Employee Management System is a Code-Projects open source employee management system . Code-Projects Employee Management System version 1.0 suffers from a code injection vulnerability that originates from manipulation of the parameter ID in the file /myprofileup.php, which could lea...

5.3CVSS5.3AI score0.00263EPSS
Exploits0References5
NVD
NVD
added 2026/05/22 4:16 p.m.15 views

CVE-2026-9224

Missing authorization in the user profile update feature in Devolutions Server allows an authenticated Active Directory user to modify their own profile attributes via a crafted API request. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions Server 2025.3.20.0 and...

4.3CVSS0.00152EPSS
Exploits0References1
Rows per page
Query Builder