Lucene search
K

230 matches found

EUVD
EUVD
added 2026/03/22 3:31 p.m.6 views

EUVD-2026-14306

A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely...

6.5CVSS6.4AI score0.00195EPSS
Exploits0References4
NVD
NVD
added 2026/03/22 2:16 p.m.7 views

CVE-2026-4548

A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely...

6.5CVSS0.00195EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/22 1:2 p.m.2 views

CVE-2026-4548 mickasmt next-saas-stripe-starter update-user-role.ts updateUserrole improper authorization

A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely...

6.5CVSS5.6AI score0.00195EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/22 1:2 p.m.3 views

CVE-2026-4548

A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely...

6.5CVSS6.4AI score0.00195EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/22 1:2 p.m.34 views

CVE-2026-4548 mickasmt next-saas-stripe-starter update-user-role.ts updateUserrole improper authorization

A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely...

6.5CVSS0.00195EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/22 12:0 a.m.4 views

PT-2026-27010

A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely...

6.5CVSS6.4AI score0.00195EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/22 12:0 a.m.9 views

Next SaaS Stripe Starter 授权问题漏洞

Next SaaS Stripe Starter is an integrated payment and authentication SaaS project starter developed by mickasmt as a personal developer. Version 1.0.0 of Next SaaS Stripe Starter contains an authorization issue vulnerability. This vulnerability stems from incorrect operations with the parameter...

6.5CVSS6.6AI score0.00195EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/03/16 8:32 a.m.128 views

Vulnerability-Report

Unauthenticated Arbitrary File Upload RCE in Gaatitrack Cour...

6.8AI score
Exploits0
Snyk
Snyk
added 2026/03/11 10:40 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview studiocms is an A Community-Driven Astro native CMS. Built from the ground up by the Astro community. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the updateUserNotifications handler in...

5.4CVSS5.9AI score0.00253EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/11 8:9 p.m.0 views

CVE-2026-32104 StudioCMS: IDOR in User Notification Preferences Allows Any Authenticated User to Modify Any User's Settings

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the updateUserNotifications endpoint accepts a user ID from the request payload and uses it to update that user's notification preferences. It checks that the caller is logged in but never...

5.4CVSS5.8AI score0.00253EPSS
Exploits1References1
NVD
NVD
added 2026/03/08 1:15 a.m.7 views

CVE-2026-3693

A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function getuserinfo/updateuserinfo of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument userid causes improper control of resource identifiers. It i...

7.5CVSS0.00403EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/08 12:32 a.m.35 views

CVE-2026-3693 Shy2593666979 AgentChat User Endpoint user.py update_user_info resource injection

A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function getuserinfo/updateuserinfo of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument userid causes improper control of resource identifiers. It i...

7.5CVSS0.00403EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/08 12:32 a.m.3 views

CVE-2026-3693 Shy2593666979 AgentChat User Endpoint user.py update_user_info resource injection

A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function getuserinfo/updateuserinfo of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument userid causes improper control of resource identifiers. It i...

7.5CVSS6.7AI score0.00403EPSS
Exploits0References6
CVE
CVE
added 2026/03/08 12:32 a.m.18 views

CVE-2026-3693

Shy2593666979 AgentChat (up to 2.3.0) contains a vulnerability in the User Endpoint: get_user_info/update_user_info in /src/backend/agentchat/api/v1/user.py, where manipulating the argument user_id causes improper control of resource identifiers. The issue can be exploited remotely and an exploit...

7.5CVSS6.7AI score0.00403EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/08 12:0 a.m.10 views

AgentChat 安全漏洞

AgentChat is a multi-agent collaborative dialogue system based on large language models, developed by Shy2593663669. Versions of AgentChat 2.3.0 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect handling of the parameter userid in the functions getuserinfo an...

7.5CVSS7.1AI score0.00403EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/02/22 1:32 p.m.7 views

CVE-2026-2947

A vulnerability was detected in rymcu forest up to 0.0.5. This affects the function updateUserInfo of the file - src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component User Profile Handler. The manipulation results in cross site scripting. The attack can be executed...

5.1CVSS3.6AI score0.00276EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/02/22 1:32 p.m.16 views

CVE-2026-2947

CVE-2026-2947 affects rymcu forest up to version 0.0.5, specifically the updateUserInfo function in src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the User Profile Handler. The issue enables cross-site scripting due to the underlying manipulation, allowing remote execution...

5.4CVSS3.6AI score0.00276EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/19 1:27 a.m.6 views

CVE-2025-70152

code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/saveuser.php and /admin/updateuser.php. These endpoints lack authentication checks and directly concatenate user-supplied POST parameters firstname, lastname,...

9.8CVSS6AI score0.00398EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.10 views

PT-2026-20479

code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/save user.php and /admin/update user.php. These endpoints lack authentication checks and directly concatenate user-supplied POST parameters firstname, lastname...

9.8CVSS6AI score0.00398EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/18 12:0 a.m.3 views

CVE-2025-70152

code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/saveuser.php and /admin/updateuser.php. These endpoints lack authentication checks and directly concatenate user-supplied POST parameters firstname, lastname,...

9.8CVSS6AI score0.00398EPSS
Exploits1References2
Rows per page
Query Builder