Lucene search
K

319 matches found

Snyk
Snyk
added 2026/02/26 3:13 a.m.3 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management via the IsAdmin field in the user profile update process. An attacker can gain unauthorized administrative privileges by sending a crafted PUT request to their own user profile endpoint with IsAdmin set to...

8.8CVSS6AI score0.00306EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/26 3:13 a.m.3 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management via the IsAdmin field in the user profile update process. An attacker can gain unauthorized administrative privileges by sending a crafted PUT request to their own user profile endpoint with IsAdmin set to...

8.8CVSS6AI score0.00306EPSS
Exploits0References2
NVD
NVD
added 2026/02/26 2:16 a.m.10 views

CVE-2026-27899

WireGuard Portal or wg-portal is a web-based configuration portal for WireGuard server management. Prior to version 2.1.3, any authenticated non-admin user can become a full administrator by sending a single PUT request to their own user profile endpoint with "IsAdmin": true in the JSON body. Aft...

8.8CVSS0.00306EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/26 12:50 a.m.25 views

CVE-2026-27899 WireGuard Portal Vulnerable to Privilege Escalation to Admin via User Self-Update

WireGuard Portal or wg-portal is a web-based configuration portal for WireGuard server management. Prior to version 2.1.3, any authenticated non-admin user can become a full administrator by sending a single PUT request to their own user profile endpoint with "IsAdmin": true in the JSON body. Aft...

8.8CVSS0.00306EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/26 12:50 a.m.4 views

CVE-2026-27899

WireGuard Portal or wg-portal is a web-based configuration portal for WireGuard server management. Prior to version 2.1.3, any authenticated non-admin user can become a full administrator by sending a single PUT request to their own user profile endpoint with "IsAdmin": true in the JSON body. Aft...

8.8CVSS5.5AI score0.00306EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/02/26 12:50 a.m.23 views

CVE-2026-27899

WireGuard Portal (wg-portal) prior to v2.1.3 allows any authenticated non-admin user to elevate to full admin by sending IsAdmin=true in a PUT to their own profile, with the admin flag not being preserved by the server’s protection logic. After logout and login, the session inherits admin privile...

8.8CVSS5.5AI score0.00306EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/02/26 12:50 a.m.11 views

CVE-2026-27899 WireGuard Portal Vulnerable to Privilege Escalation to Admin via User Self-Update

WireGuard Portal or wg-portal is a web-based configuration portal for WireGuard server management. Prior to version 2.1.3, any authenticated non-admin user can become a full administrator by sending a single PUT request to their own user profile endpoint with "IsAdmin": true in the JSON body. Aft...

8.8CVSS5.6AI score0.00306EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/26 12:50 a.m.5 views

CVE-2026-27899 WireGuard Portal Vulnerable to Privilege Escalation to Admin via User Self-Update

WireGuard Portal or wg-portal is a web-based configuration portal for WireGuard server management. Prior to version 2.1.3, any authenticated non-admin user can become a full administrator by sending a single PUT request to their own user profile endpoint with "IsAdmin": true in the JSON body. Aft...

8.8CVSS5.9AI score0.00306EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.13 views

PT-2026-22074

Name of the Vulnerable Software and Affected Versions WireGuard Portal versions prior to 2.1.3 Description WireGuard Portal, a web-based configuration portal for WireGuard server management, contains a flaw that allows authenticated non-admin users to escalate their privileges to full administrat...

9.9CVSS5.9AI score0.22162EPSS
Exploits70References144
NVD
NVD
added 2026/02/20 5:25 p.m.7 views

CVE-2026-27506

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user profile update workflow usersettings.php submitting to admin/updateuser.php. Authenticated users can store malicious HTML/JavaScript in fields such as Firstname, lastname, email, and imageurl, which ar...

6.1CVSS0.00165EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/20 4:55 p.m.27 views

CVE-2026-27506 SVXportal <= 2.5 Profile Update Stored XSS

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user profile update workflow usersettings.php submitting to admin/updateuser.php. Authenticated users can store malicious HTML/JavaScript in fields such as Firstname, lastname, email, and imageurl, which ar...

6.1CVSS0.00165EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/20 4:55 p.m.5 views

CVE-2026-27506 SVXportal <= 2.5 Profile Update Stored XSS

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user profile update workflow usersettings.php submitting to admin/updateuser.php. Authenticated users can store malicious HTML/JavaScript in fields such as Firstname, lastname, email, and imageurl, which ar...

6.1CVSS5.4AI score0.00165EPSS
Exploits0References2
CVE
CVE
added 2026/02/20 4:55 p.m.16 views

CVE-2026-27506

SVXportal before or equal to version 2.5 contains a stored XSS in the profile update flow (user_settings.php -&gt; admin/update_user.php). Authenticated users can inject HTML/JavaScript into profile fields (Firstname, lastname, email, image_url) that are rendered uncoded in the admin interface (a...

6.1CVSS5.4AI score0.00165EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/18 1:40 a.m.14 views

CVE-2024-55271

A Cross-Site Request Forgery CSRF vulnerability has been identified in phpgurukul Gym Management System 1.0. This issue is present in the profile update functionality of the User Panel, specifically the /profile.php endpoint...

3.5CVSS5.5AI score0.00129EPSS
Exploits2References1
OSV
OSV
added 2026/02/17 5:21 p.m.4 views

CVE-2024-55271

A Cross-Site Request Forgery CSRF vulnerability has been identified in phpgurukul Gym Management System 1.0. This issue is present in the profile update functionality of the User Panel, specifically the /profile.php endpoint...

3.5CVSS5.7AI score0.00129EPSS
Exploits2References2
NVD
NVD
added 2026/02/17 5:21 p.m.8 views

CVE-2024-55271

A Cross-Site Request Forgery CSRF vulnerability has been identified in phpgurukul Gym Management System 1.0. This issue is present in the profile update functionality of the User Panel, specifically the /profile.php endpoint...

3.5CVSS0.00129EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.12 views

PT-2026-20215

A Cross-Site Request Forgery CSRF vulnerability has been identified in phpgurukul Gym Management System 1.0. This issue is present in the profile update functionality of the User Panel, specifically the /profile.php endpoint...

3.5CVSS5.5AI score0.00129EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2026/02/17 12:0 a.m.5 views

CVE-2024-55271

A Cross-Site Request Forgery CSRF vulnerability has been identified in phpgurukul Gym Management System 1.0. This issue is present in the profile update functionality of the User Panel, specifically the /profile.php endpoint...

3.5CVSS5.5AI score0.00129EPSS
Exploits2References3
CVE
CVE
added 2026/02/17 12:0 a.m.18 views

CVE-2024-55271

CVE-2024-55271 concerns a CSRF flaw in phpgurukul Gym Management System 1.0, specifically the /profile.php endpoint in the User Panel. The Red Hat/NVD/osv entries and the community exploit page consistently describe a CSRF vulnerability where profile updates (e.g., name, address, phone) can be mo...

3.5CVSS5.5AI score0.00129EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2026/02/17 12:0 a.m.26 views

CVE-2024-55271

A Cross-Site Request Forgery CSRF vulnerability has been identified in phpgurukul Gym Management System 1.0. This issue is present in the profile update functionality of the User Panel, specifically the /profile.php endpoint...

0.00129EPSS
Exploits2References2
Rows per page
Query Builder