Lucene search
K

97 matches found

Cvelist
Cvelist
added 2026/05/19 12:0 a.m.47 views

CVE-2026-31070

The LalanaChami Pharmacy Management System commit 5c3d028 allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body...

0.00476EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 12:0 a.m.8 views

CVE-2026-31070

The LalanaChami Pharmacy Management System commit 5c3d028 allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body...

5.8AI score0.00476EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.18 views

PT-2026-41943

Name of the Vulnerable Software and Affected Versions LalanaChami Pharmacy Management System version 5c3d028 Description Unauthenticated remote attackers can escalate privileges by self-assigning an administrative role during the registration process. This occurs because the '/api/user/signup'...

9.8CVSS5.8AI score0.00476EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/07 5:31 p.m.19 views

CVE-2026-39327 ChurchCRM has a SQL injection in MemberRoleChange.php

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /MemberRoleChange.php in ChurchCRM 7.0.5. Authenticated users with the role Manage Groups & Roles ManageGroups can inject arbitrary SQL statements through the NewRole...

8.8CVSS0.00244EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/07 3:49 p.m.2 views

CVE-2026-35567

...

5.9AI score0.00047EPSS
Exploits0
Patchstack
Patchstack
added 2026/03/23 7:5 p.m.6 views

WordPress App Builder - Create Native Android & iOS Apps On The Flight plugin <= 5.5.10 - Unauthenticated Limited Privilege Escalation via 'role' Parameter vulnerability

WordPress App Builder - Create Native Android & iOS Apps On The Flight plugin = 5.5.10 - Unauthenticated Limited Privilege Escalation via 'role' Parameter vulnerability discovered by Gibran Abdillah in WordPress Plugin App Builder versions = 5.5.10...

6.5CVSS5.8AI score0.0028EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/21 3:26 a.m.1 views

CVE-2026-2375 App Builder – Create Native Android & iOS Apps On The Flight <= 5.5.10 - Unauthenticated Privilege Escalation via 'role' Parameter

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 5.5.10. This is due to the verifyrole function in AuthTrails.php explicitly whitelisting the wcfmvendor role alongside subscriber and...

6.5CVSS5.8AI score0.0028EPSS
Exploits0References3
OSV
OSV
added 2026/03/18 1:56 a.m.7 views

CVE-2026-29056 Kanboard's privilege escalation via mass assignment in user invite registration allows any invited user to become admin

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite registration endpoint UserInviteController::register accepts all POST parameters and passes them to UserModel::create without filtering out the role field. An attacker who receives an...

8.3CVSS5.9AI score0.00371EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/11 6:13 p.m.30 views

CVE-2026-31874 Taskosaur Improper Role Assignment via Parameter Manipulation in User Registration

Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign...

9.8CVSS0.00638EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/11 6:13 p.m.2 views

CVE-2026-31874

Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign...

9.8CVSS5.9AI score0.00638EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/03/11 6:13 p.m.2 views

EUVD-2026-11284

Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign...

9.8CVSS5.9AI score0.00638EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.7 views

Taskosaur 安全漏洞

Taskosaur is an open-source project management platform that integrates conversational AI. Version 1.0.0 of Taskosaur contains a security vulnerability; this vulnerability arises from incorrect validation of role parameters during the user registration process, which may lead to unauthorized...

9.8CVSS5.8AI score0.00638EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.11 views

PT-2026-24782

Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign...

9.8CVSS5.9AI score0.00638EPSS
Exploits1References7
NVD
NVD
added 2026/02/27 7:17 a.m.18 views

CVE-2025-12981

The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user registration function that fails to properly sanitize the userrole parameter. This makes it possible...

9.8CVSS0.00574EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/27 6:43 a.m.6 views

CVE-2025-12981 Listee <= 1.1.6 - Unauthenticated Privilege Escalation

The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user registration function that fails to properly sanitize the userrole parameter. This makes it possible...

9.8CVSS5.9AI score0.00574EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/27 6:43 a.m.6 views

CVE-2025-12981

The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user registration function that fails to properly sanitize the userrole parameter. This makes it possible...

9.8CVSS5.9AI score0.00574EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/01/27 12:0 a.m.3 views

CVE-2025-69564

code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExAddNewUser.php via the Name, Address, email, UserName, Password, confirmpassword, Role, Branch, and Activate parameters...

5.9AI score0.00402EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/09 11:26 a.m.7 views

CVE-2021-33223

An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid and role parameters in the out.UsrMgr.php file...

8.8CVSS7.1AI score0.00804EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:57 a.m.13 views

CVE-2023-4404

The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'updatecoreuser' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the...

9.8CVSS6.2AI score0.00765EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:57 a.m.4 views

CVE-2023-4293

The Premium Packages - Sell Digital Products Securely plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.7.4 due to insufficient restriction on the 'wpdmppupdateprofile' function. This makes it possible for authenticated attackers, with minimal...

8.8CVSS6.1AI score0.00794EPSS
Exploits1References1
Rows per page
Query Builder