17 matches found
CVE-2026-42562
Plainpad is a self hosted note taking app. Prior to version 1.1.1, Plainpad allows a low-privilege authenticated user to self-escalate to administrator by submitting admin=true in PUT /api.php/v1/users/id. The endpoint directly persists the admin attribute from user input, and the escalated accou...
CVE-2023-43203
D-LINK DWL-6610 FWv4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function updateusers...
CVE-2025-11862
A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API...
CVE-2025-11862 Verve Asset Manager Access Control Vulnerability
A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API...
EUVD-2024-17707
Malicious code in bioql PyPI...
CVE-2023-3403
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pmuploadcsv' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to import...
Siemens TeleControl Server Basic SQL Injection Vulnerability
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that originates from a SQL injection in the internal method UpdateUsers, which can be exploited by an attacker to bypass...
CVE-2024-1991
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the updateusersrole function in all versions up to, and including, 5.3.0.0. This makes it possible for...
WordPress Plugin RegistrationMagic Security Vulnerability
WordPress and its plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports personal blog sites on servers running PHP and MySQL. A WordPress plugin is an application extension for the platform. A security vulnerability exis...
CVE-2024-2533
A vulnerability, which was classified as problematic, has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this issue is some unknown functionality of the file /admin/update-users.php. The manipulation of the argument id leads to cross site scripting. The...
CVE-2024-2532
A vulnerability classified as critical was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/update-users.php. The manipulation of the argument id leads to sql injection. The attack can be launched...
Online-College-Event-Hall-Reservation-System Security Vulnerability
Online-College-Event-Hall-Reservation-System is an online college event hall reservation system by the individual developer Magesh K. It is designed to automate the hall booking process, eliminating manual logging and increasing efficiency. A security vulnerability exists in...
D-LINK DWL-6610 Buffer Error Vulnerability
The D-Link DWL-6610 is a wireless access point from D-Link. The D-Link DWL-6610 suffers from a buffer overflow vulnerability that originates from a failure to properly validate the length and size of input data in the updateusers function; it can be exploited by a remote attacker t...
PT-2023-5380 · D Link · D-Link Dwl-6610Ap
Name of the Vulnerable Software and Affected Versions: D-Link DWL-6610AP version FW v4.3.0.8B003C
Description: The issue is related to a stack overflow vulnerability in the update users function of the D-Link DWL-6610AP wireless access point's firmware. This vulnerability can be exploited by a...
Cross-site request forgery (CSRF)
The KiviCare WordPress plugin before 3.2.1 has CSRF checks that are either flawed or missing completely in various AJAX actions, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete arbitrary...