24 matches found

Vulnrichment
added 2026/06/04 2:39 p.m. · 9 views

CVE-2026-10868 MISP user edit endpoint mass assignment vulnerability allows unauthorized user account modification

A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit. When processing edit requests, the application accepted a user-controlled User.id value from request data. An authenticated attacker could cra...

CVSS 9 · AI score 5.8 · EPSS 0.00239
Exploits 0 · References 1
EUVD
added 2026/06/04 2:39 p.m. · 8 views

EUVD-2026-34289

A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit. When processing edit requests, the application accepted a user-controlled User.id value from request data. An authenticated attacker could cra...

CVSS 9 · AI score 5.8 · EPSS 0.00239
Exploits 0 · References 1
Positive Technologies
added 2026/06/04 12:0 a.m. · 11 views

PT-2026-46254

Name of the Vulnerable Software and Affected Versions: MISP affected versions not specified Description: A mass assignment issue exists in the user edit functionality. The application fails to sufficiently filter user-supplied fields in the UsersController::edit function, allowing it to accept a...

CVSS 9 · AI score 5.4 · EPSS 0.00239
Exploits 0 · References 3
CNNVD
added 2025/06/30 12:0 a.m. · 7 views

Code-Projects Inventory Management System injection vulnerability

Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the userid parameter in the file /phpaction/removeUser.php for externally entered SQL statements. An attacker can...

CVSS 9.8 · AI score 8.2 · EPSS 0.00399
Exploits 1 · References 6
BDU FSTEC
added 2024/06/03 12:0 a.m. · 3 views

The vulnerability of the `remove_user_from_org(/api/{org_id}/users/{email_id})` function in the monitoring platform for logs, metrics, and tracebacks of OpenObserve allows a perpetrator to circumvent existing security restrictions and delete users from the system.

The vulnerability of the `remove_user_from_org(/api/{org_id}/users/{email_id})` function in the monitoring platform for logs, metrics, and tracebacks of OpenObserve is related to improper access control. Exploiting this vulnerability could allow a malicious actor to bypass existing security restrictions and...

CVSS 6.8 · AI score 6.5 · EPSS 0.00486
Exploits 1 · References 3 · Affected Software 1
Malwarebytes
added 2024/05/21 8:10 p.m. · 13 views

How to remove a user from a shared Android device

Some of our loyal readers may remember my little mishap when I was able to track my wife by accident after inadvertently adding myself to her phone as a user. For exactly that reason we want to warn against sharing devices and at least show you how to remove other people’s accounts from your...

AI score 7.2
Exploits 0
Malwarebytes
added 2024/05/21 8:8 p.m. · 13 views

How to remove a user from a shared Mac

There will be times when you need to remove a user from a device. In this article we'll show you how to remove a user from a Mac. For a better understanding it's good to understand the difference between an actual user of the device and a "sharing only user." On a Mac, you can use Sharing Only User...

AI score 6.7
Exploits 0
OSV
added 2023/07/11 11:15 p.m. · 2 views

DEBIAN-CVE-2023-37766

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_isom_remove_user_data function at /lib/libgpac.so...

CVSS 5.5 · AI score 5.6 · EPSS 0.00307
Exploits 1 · References 1
Prion
added 2023/07/11 11:15 p.m. · 19 views

Design/Logic Flaw

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_isom_remove_user_data function at /lib/libgpac.so...

CVSS 1.9 · AI score 5.4 · EPSS 0.00307
Exploits 1 · References 1 · Affected Software 1
UbuntuCve
added 2023/07/11 11:15 p.m. · 109 views

CVE-2023-37766

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_isom_remove_user_data function at /lib/libgpac.so...

CVSS 5.5 · AI score 6.1 · EPSS 0.00307
Exploits 1 · References 3
Positive Technologies
added 2023/07/11 12:0 a.m. · 4 views

PT-2023-26098 · Gpac +1 · Gpac +1

Name of the Vulnerable Software and Affected Versions: GPAC version 2.3-DEV-rev381-g817a848f6-master Description: A segmentation violation was discovered in the gf_isom_remove_user_data function at /lib/libgpac.so. This issue affects the specified version of GPAC. Recommendations: For GPAC versio...

CVSS 5.5 · AI score 6.7 · EPSS 0.00307
Exploits 1 · References 13
CNNVD
added 2022/06/02 12:0 a.m. · 4 views

Carrier LenelS2 HID Mercury access panels security vulnerability

Carrier LenelS2 HID Mercury access panels is a controller panel from Carrier, U.S.A. A security vulnerability exists in Carrier LenelS2 HID Mercury access panels, which could be exploited by an attacker to send specially crafted network packets to remove a user from the web interface. user...

CVSS 7.5 · AI score 5.6 · EPSS 0.00973
Exploits 0 · References 4
CNVD
added 2019/12/30 12:0 a.m. · 3 views

Atlassian Fisheye and Crucible Unauthorized Operation Vulnerability

Atlassian Fisheye and Crucible are both products of the Australian company Atlassian. Atlassian Fisheye is a suite of in-depth viewers of source code and Crucible is a suite of code review tools. A security vulnerability exists in the /json/profile/removeStarAjax.do resource in Atlassian Fisheye...

CVSS 4.3 · AI score 7 · EPSS 0.00732
Exploits 0 · References 1
Positive Technologies
added 2019/09/10 12:0 a.m. · 3 views

PT-2019-13802 · Php +1 · Phpmyadmin +1

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851 Description: The issue allows an attacker to remove a target user from phpMyAdmin via an attacker account due to an insecure object reference. Recommendations: For version 0.9.8.851, consider restricting...

CVSS 6.5 · AI score 6.4 · EPSS 0.01787
Exploits 2 · References 4
Cvelist
added 2017/06/27 8:0 p.m. · 22 views

CVE-2017-6086

Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to...

AI score 9.1 · EPSS 0.01998
Exploits 5 · References 2
Drupal
added 2017/02/15 12:0 a.m. · 17 views

Flag clear - Moderately Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2017-017

The Flag clear module allows administrators to remove user flags for content. This functionality is often useful in user-submission use-cases, where users do not necessarily need to unflag things on their own. The module doesn't sufficiently protect from CSRF attacks. The unflagging links do not...

AI score 7.1
Exploits 0 · References 11
OSV
added 2011/07/29 8:55 p.m. · 5 views

DEBIAN-CVE-2011-2522

Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers...

CVSS 6.8 · AI score 7.2 · EPSS 0.10046
Exploits 6 · References 1
Tenable Nessus
added 2011/05/31 12:0 a.m. · 22 views

Fedora 15 : viewvc-1.1.11-1.fc15 (2011-7185)

security fix: remove user-reachable override of cvsdb row limit - fix broken standalone.py -c and -d options handling - add --help option to standalone.py - fix stack trace when asked to checkout a directory issue 478 - improve memory usage and speed of revision log markup issue 477 - fix broken...

CVSS 5 · AI score 5.5 · EPSS 0.02644
Exploits 0 · References 3
Tenable Nessus
added 2011/05/31 12:0 a.m. · 18 views

Fedora 13 : viewvc-1.1.11-1.fc13 (2011-7198)

security fix: remove user-reachable override of cvsdb row limit - fix broken standalone.py -c and -d options handling - add --help option to standalone.py - fix stack trace when asked to checkout a directory issue 478 - improve memory usage and speed of revision log markup issue 477 - fix broken...

CVSS 5 · AI score 5.5 · EPSS 0.02644
Exploits 0 · References 3
seebug.org
added 2008/09/12 12:0 a.m. · 17 views

Easy Photo Gallery 2.1 Arbitrary Add Admin / remove user Vulnerability

No description provided by source. Script: Ezphotogallery 2.1. Type: Vulnerabilities Add Admin user/Remove user. Google Dork: "100% | 50% | 25%" "Back to gallery" inurl:"show.php?imageid="...

AI score 7.1
Exploits 0