Lucene search
+L

147 matches found

Vulnrichment
Vulnrichment
•added 2026/03/31 9:18 p.m.•3 views

CVE-2026-34406 APTRS: Privilege Escalation via Mass Assignment of is_superuser in User Edit Endpoint

APTRS Automated Penetration Testing Reporting System is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. Prior to version 2.0.1, the edituser endpoint POST /api/auth/edituser/ allows Any user who can reach that endpoint and submit...

9.4CVSS5.8AI score0.00505EPSS
Exploits1References3
OSV
OSV
•added 2026/03/31 9:18 p.m.•5 views

CVE-2026-34406 APTRS: Privilege Escalation via Mass Assignment of is_superuser in User Edit Endpoint

APTRS Automated Penetration Testing Reporting System is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. Prior to version 2.0.1, the edituser endpoint POST /api/auth/edituser/ allows Any user who can reach that endpoint and submit...

9.4CVSS5.8AI score0.00505EPSS
Exploits1References5
EUVD
EUVD
•added 2026/03/16 3:30 p.m.•8 views

EUVD-2016-10825

Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoin...

6.9CVSS5.7AI score0.00156EPSS
Exploits2References4
EUVD
EUVD
•added 2026/03/16 3:30 p.m.•8 views

EUVD-2016-10823

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser...

8.8CVSS5.8AI score0.00209EPSS
Exploits2References4
NVD
NVD
•added 2026/03/16 2:17 p.m.•9 views

CVE-2016-20035

Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoin...

6.9CVSS0.00156EPSS
Exploits2References3
NVD
NVD
•added 2026/03/16 2:17 p.m.•6 views

CVE-2016-20034

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser...

8.8CVSS0.00209EPSS
Exploits2References3
Positive Technologies
Positive Technologies
•added 2026/03/16 12:0 a.m.•18 views

PT-2026-25732

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser...

8.8CVSS5.8AI score0.00209EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
•added 2026/03/15 6:34 p.m.•5 views

CVE-2016-20035

Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoin...

5.7AI score0.00156EPSS
Exploits2References3Affected Software1
ATTACKERKB
ATTACKERKB
•added 2026/03/15 6:34 p.m.•3 views

CVE-2016-20034

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser...

5.8AI score0.00209EPSS
Exploits2References3Affected Software1
Vulnrichment
Vulnrichment
•added 2026/03/15 6:34 p.m.•5 views

CVE-2016-20035 Wowza Streaming Engine 4.5.0 CSRF via user edit endpoint

Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoin...

6.9CVSS5.7AI score0.00156EPSS
Exploits2References3
Vulnrichment
Vulnrichment
•added 2026/03/15 6:34 p.m.•4 views

CVE-2016-20034 Wowza Streaming Engine 4.5.0 Privilege Escalation via user edit

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser...

8.8CVSS5.8AI score0.00209EPSS
Exploits2References3
Cvelist
Cvelist
•added 2026/03/15 6:34 p.m.•41 views

CVE-2016-20035 Wowza Streaming Engine 4.5.0 CSRF via user edit endpoint

Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoin...

6.9CVSS0.00156EPSS
Exploits2References3
Cvelist
Cvelist
•added 2026/03/15 6:34 p.m.•38 views

CVE-2016-20034 Wowza Streaming Engine 4.5.0 Privilege Escalation via user edit

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser...

8.8CVSS0.00209EPSS
Exploits2References3
CVE
CVE
•added 2026/03/15 6:34 p.m.•26 views

CVE-2016-20034

CVE-2016-20034 affects Wowza Streaming Engine 4.5.0. The vulnerability allows an authenticated read-only user to elevate privileges to administrator by manipulating POST parameters on the user edit endpoint, specifically setting accessLevel to 'admin' and advUser to 'true' and 'on'. The issue is ...

8.8CVSS5.8AI score0.00209EPSS
Exploits2References3Affected Software1
CVE
CVE
•added 2026/03/15 6:34 p.m.•16 views

CVE-2016-20035

Wowza Streaming Engine 4.5.0 is affected by a CSRF vulnerability via the user edit endpoint that lets an attacker craft pages to cause admin actions (e.g., creating admin accounts with arbitrary credentials). The issue arises from insufficient request validation, enabling an authenticated session...

6.9CVSS5.7AI score0.00156EPSS
Exploits2References3Affected Software1
Positive Technologies
Positive Technologies
•added 2026/03/02 12:0 a.m.•12 views

PT-2026-22613

Name of the Vulnerable Software and Affected Versions sourcecodester Personnel Property Equipment System version 1.0 Description The software is susceptible to SQL Injection through the /ppes/admin/edit tecnical user.php endpoint. The vulnerability allows for potential unauthorized access or...

9.8CVSS6AI score0.0047EPSS
Exploits1References5
Vulnrichment
Vulnrichment
•added 2026/02/18 1:12 p.m.•4 views

CVE-2026-1437 Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface

Reflected Cross-Site Scripting XSS vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...

5.3CVSS6.1AI score0.00204EPSS
Exploits0References1
OSV
OSV
•added 2026/02/05 12:16 p.m.•5 views

CVE-2026-23797

In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password in user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7...

4.9CVSS5.8AI score0.00268EPSS
Exploits0References2
EUVD
EUVD
•added 2026/02/05 11:7 a.m.•10 views

EUVD-2026-5551

In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password in user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7...

6.9CVSS5.4AI score0.00268EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/02/05 11:7 a.m.•31 views

CVE-2026-23797 Plaintext password display in Quick.Cart

In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password in user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7...

6.9CVSS0.00245EPSS
Exploits0References2
Rows per page
Query Builder