Lucene search
K

130 matches found

CVE
CVE
added 2026/02/10 4:40 p.m.15 views

CVE-2026-24885

Kanboard (Kanban project management software) is affected by a CSRF flaw in the ProjectPermissionController prior to version 1.2.50. The root cause is the server not strictly enforcing Content-Type: application/json for the changeUserRole action, accepting text/plain despite a JSON body. This all...

8CVSS5.3AI score0.00182EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/23 12:26 p.m.4 views

CVE-2025-14866 Melapress Role Editor <= 1.1.1 - Improper Authorization to Authenticated (Subscriber+) Privilege Escalation via Secondary Role Assignment

The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'savesecondaryrolesfield' function. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS5.5AI score0.00365EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/01/23 8:57 a.m.12 views

WordPress Melapress Role Editor plugin <= 1.1.1 - Improper Authorization to Authenticated (Subscriber+) Privilege Escalation via Secondary Role Assignment vulnerability

Improper Authorization to Authenticated Subscriber+ Privilege Escalation via Secondary Role Assignment vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin Melapress Role Editor versions = 1.1.1...

8.8CVSS5.5AI score0.00365EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.9 views

PT-2026-2979

Name of the Vulnerable Software and Affected Versions Drupal Role Delegation versions 1.3.0 through 1.4.9 Description A privilege escalation issue exists in the Role Delegation module. The module allows site administrators to grant specific roles the authority to assign selected roles to users,...

5.4CVSS5.2AI score0.00221EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/09 9:31 a.m.10 views

CVE-2023-25569

Apollo is a configuration management system. Prior to version 2.1.0, a low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user without any confirmation from the Portal admin. Cooki...

5.7CVSS6.6AI score0.00351EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/20 6:22 a.m.22 views

CVE-2025-13619 Flex Store Users <= 1.1.0 - Unauthenticated Privilege Escalation

The Flex Store Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.0. This is due to the 'fsUserHandle::signup' and the 'fsSellerRole::addroleseller' functions not restricting what user roles a user can register with. This makes it possible f...

9.8CVSS0.00317EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/23 10:16 p.m.11 views

CVE-2025-62617

Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role such as an administrator can explo...

7.2CVSS8.1AI score0.00395EPSS
Exploits1References1
NVD
NVD
added 2025/10/22 10:15 p.m.15 views

CVE-2025-62617

Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role such as an administrator can explo...

7.2CVSS0.00395EPSS
Exploits1References2
OSV
OSV
added 2025/10/22 4:46 p.m.6 views

GHSA-2V5M-CQ9W-FC33 Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality

Summary An authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role such as an administrator can exploit this vulnerability to execute arbitrary SQL commands. This can lea...

7.2CVSS8.1AI score0.00395EPSS
Exploits1References4
GitLab Advisory Database
GitLab Advisory Database
added 2025/10/22 12:0 a.m.9 views

Duplicate

This advisory duplicates another...

5.9AI score
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2016-2693

Malware in sbrugna...

5.4CVSS5.5AI score0.00563EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2004-0469

Malware in sbrugna...

7.5CVSS6.4AI score0.02685EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2011-4232

Malware in sbrugna...

6.5CVSS6.4AI score0.01272EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.16 views

EUVD-2020-0096

Malware in sbrugna...

8.8CVSS8.1AI score0.01896EPSS
Exploits0References17
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-1632

Malware in sbrugna...

10CVSS6.4AI score0.02269EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-5955

Malware in sbrugna...

4.3CVSS5.4AI score0.00629EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-9152

Malicious code in bioql PyPI...

7.8CVSS7.6AI score0.00217EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-3932

Malicious code in bioql PyPI...

5.5CVSS4.7AI score0.00709EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-43288

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.00463EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-10958

Malicious code in bioql PyPI...

6.6AI score
Exploits0References4
Rows per page
Query Builder