222 matches found
CVE-2026-9466
A vulnerability was determined in Tiandy Easy7 Integrated Management Platform 7.17.0. This issue affects some unknown processing of the file /rest/user/updateUserPassword of the component API Endpoint. Executing a manipulation can lead to weak password recovery. The attack can be executed remotel...
CVE-2026-9466
Tiandy Easy7 Integrated Management Platform 7.17.0 contains an API Endpoint vulnerability in /rest/user/updateUserPassword, where input manipulation can lead to weak password recovery. The issue is exploitable remotely and has publicly disclosed exploit activity. No remediation details are provid...
EUVD-2026-31698
A vulnerability was determined in Tiandy Easy7 Integrated Management Platform 7.17.0. This issue affects some unknown processing of the file /rest/user/updateUserPassword of the component API Endpoint. Executing a manipulation can lead to weak password recovery. The attack can be executed remotel...
Tiandy Easy7 Integrated Management Platform 授权问题漏洞
Tiandy Easy7 Integrated Management Platform is a video surveillance integrated management platform from Tiandy, China. An authorization issue vulnerability exists in Tiandy Easy7 Integrated Management Platform version 7.17.0, which originates from the handling of the file...
WordPress plugin Oliver POS 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
CVE-2026-5779
An insecure direct object reference IDOR vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the information of other registered users. Successful exploitation of this vulnerability allows an...
PT-2026-35714
Name of the Vulnerable Software and Affected Versions Minerva version 3.6.0 Description An insecure direct object reference IDOR issue exists in the '/minerva/user/updateUserProfile' endpoint. This improper access control allows an authenticated user to modify the profiles of other registered...
EUVD-2026-25803
A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function of the file updateuser.php of the component MD5 Hash Handler. This manipulation of the argument Password causes use of weak hash. The attack is possible to be carried out remotely. The attack's...
PT-2026-35379
A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function of the file update user.php of the component MD5 Hash Handler. This manipulation of the argument Password causes use of weak hash. The attack is possible to be carried out remotely. The attack's...
Code-Projects Chat System 加密问题漏洞
Code-Projects Chat System is an open-source chat system developed by Code-Projects. Version 1.0 of the code-projects Chat System has a security vulnerability related to encryption. This vulnerability stems from the parameter “Password” in the MD5 Hash Handler component’s “updateuser.php” file,...
CVE-2026-6912
Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR 165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API...
EUVD-2026-25577
Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR 165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API...
CVE-2026-6912
The CVE-2026-6912 affects AWS Ops Wheel prior to PR #165, where access to dynamically determined Cognito User Pool attributes can be abused. The root cause is improper control over updates to object attributes, enabling remote authenticated users to escalate to deployment-admin privileges by craf...
AWS Ops Wheel 安全漏洞
AWS Ops Wheel is an open-source tool provided by Amazon Web Services that supports multi-tenant functionality. There is a security vulnerability in AWS Ops Wheel, which stems from improper control over the modification of object properties dynamically determined during the Cognito user pool...
PT-2026-35028
Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR 165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API...
CVE-2026-6584
A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function updateuser of the file superagi/controllers/user.py of the component User Update Endpoint. The manipulation of the argument userid results in authorization bypass. The attack may be...
CVE-2026-6584 TransformerOptimus SuperAGI User Update Endpoint user.py update_user authorization
A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function updateuser of the file superagi/controllers/user.py of the component User Update Endpoint. The manipulation of the argument userid results in authorization bypass. The attack may be...
CVE-2026-6584
The CVE concerns TransformerOptimus SuperAGI (up to 0.0.14). The vulnerability is in the update_user function in superagi/controllers/user.py, where manipulating the user_id parameter leads to an authorization bypass. Impact is reported as a remote attack with publicly available exploit. Supporte...
CVE-2026-6584
A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function updateuser of the file superagi/controllers/user.py of the component User Update Endpoint. The manipulation of the argument userid results in authorization bypass. The attack may be...
CVE-2026-6584 TransformerOptimus SuperAGI User Update Endpoint user.py update_user authorization
A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function updateuser of the file superagi/controllers/user.py of the component User Update Endpoint. The manipulation of the argument userid results in authorization bypass. The attack may be...