Lucene search
+L

236 matches found

Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-59258 immich < 3.0.3 Shared Album Editor Ownership Takeover via updateUser

immich before 3.0.3 contains a broken access control vulnerability in the PUT /albums/:id/user/:userId endpoint that allows shared album editors to modify member roles without owner-only restrictions. Attackers with editor access can demote the album owner to editor and promote themselves to owne...

8.3CVSS0.00315EPSS
Exploits0References5
Cvelist
Cvelist
added 3 days ago37 views

CVE-2026-15752 zhinianboke xianyu-auto-reply Backend User Endpoint users authorization

A vulnerability was found in zhinianboke xianyu-auto-reply up to dcb445ad97816ad65299a7580ee0c8c8f929da84. Affected is an unknown function of the file /api/v1/users/ of the component Backend User Endpoint. Performing a manipulation results in missing authorization. The attack may be initiated...

7.5CVSS0.00297EPSS
Exploits0References7
CVE
CVE
added 2026/07/08 12:0 a.m.16 views

CVE-2026-31309

Affected software: Mysterium Node (before v1.36.0). Vulnerability: Improper authorization in the /tequilapi/config/user endpoint allows an unauthenticated attacker to arbitrarily overwrite the node configuration, potentially leading to full node takeover. Affected versions: v1.21.1-rc0 up to (but...

9.8CVSS6.1AI score0.00324EPSS
Exploits2References3
OSV
OSV
added 2026/07/08 12:0 a.m.4 views

CVE-2026-31309

Improper authorization in the /tequilapi/config/user endpoint of Mysterium Node from v1.21.1-rc0 before v1.36.0 allows an unauthenticated attacker to arbitrarily overwrite the node's configuration and achieve a full node takeover via a crafted POST request...

9.8CVSS6.1AI score0.00324EPSS
Exploits2References5
OSV
OSV
added 2026/06/26 9:23 p.m.4 views

GHSA-985R-Q3QP-299H phpMyFAQ has an incomplete fix for GHSA-xvp4-phqj-cjr3 — editUser() and updateUserRights() lack authorization guards

Advisory / Disclosure phpMyFAQ 4.1.3 — incomplete fix for the admin-API IDOR/privilege-escalation class Target: thorsten/phpMyFAQ composer: thorsten/phpmyfaq, phpmyfaq/phpmyfaq Affected: "Only SuperAdmins may change other users' attributes. Self-service is always allowed." and "a non-SuperAdmin...

8.1CVSS6AI score0.00251EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.5 views

CVE-2026-56223

Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a...

9.3CVSS6AI score0.00244EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 11:53 a.m.9 views

EUVD-2026-38737

Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a...

9.3CVSS6AI score0.00244EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 7:59 p.m.7 views

GHSA-2VG8-Q4C2-5CW3 OpenAM has LDAP Injection via `_queryId` Parameter

OpenAM Open Identity Platform is an open-source IAM platform providing SSO, OAuth2, SAML, and OpenID Connect capabilities. The CREST REST API layer exposes user query endpoints under /json/realm/users. In IdentityResourceV1.queryCollection, the HTTP query parameter queryId is passed to a CrestQue...

8.7CVSS6AI score
Exploits0References4
OSV
OSV
added 2026/06/17 6:9 p.m.8 views

GHSA-WRR5-99H5-GQ57 Gitea: Public-only tokens bypass private-resource restrictions on `/api/v1/user` self routes

Summary Many authenticated self routes under /api/v1/user/... do not enforce the public-only token restriction. As a result, a token or OAuth grant marked public-only, but otherwise carrying the route-required read/write scope category, can access or modify private account resources through self...

8.1CVSS5.5AI score
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.13 views

bookcars 安全漏洞

Bookcars is a car rental management platform developed by Akram El Assas. Version 8.3 of Bookcars contains a security vulnerability. This vulnerability stems from the/api/create-user component, which has an unlimited file renaming vulnerability. This could allow authenticated attackers to use...

8.8CVSS6.2AI score0.00998EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.12 views

CVE-2026-7091

A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may...

6.5CVSS6.1AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.13 views

CVE-2026-35476

InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, a non-staff authenticated user can elevate their account to a staff level via a POST request against their user account endpoint. The write permissions on the API endpoint are improperly configured, allowing any us...

7.2CVSS5.5AI score0.00145EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.10 views

NamelessMC 安全漏洞

NamelessMC is a free, easy-to-use, and powerful website software developed by the NamelessMC team. It’s suitable for your Minecraft server and comes with numerous features. Version 2.2.4 of NamelessMC has a security vulnerability. This vulnerability stems from the lack of proper cleaning or outpu...

4.3CVSS5AI score0.00185EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/25 12:15 a.m.42 views

CVE-2026-9409 Sushmi-pal Invoice-System User Management user improper authorization

A flaw has been found in Sushmi-pal Invoice-System up to a0a3faa16dee2621b231ae227333f5761607283b. This affects an unknown part of the file /user of the component User Management Handler. This manipulation of the argument role causes improper authorization. It is possible to initiate the attack...

5.3CVSS0.00198EPSS
Exploits0References4
OSV
OSV
added 2026/05/20 3:44 p.m.14 views

GHSA-59FH-9F3P-7M39 Flowise: Mass Assignment in PUT /api/v1/user Allows Authenticated Users to Override Password Hash and Bypass Password Change Verification

Summary A Mass Assignment vulnerability in the PUT /api/v1/user endpoint allows authenticated users to directly modify restricted user fields, including the credential password hash, bypassing the intended password change workflow. Because the endpoint forwards the entire request body to the...

6CVSS5.8AI score0.00251EPSS
Exploits0References2
NVD
NVD
added 2026/05/18 11:16 p.m.18 views

CVE-2026-30950

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an authenticated attacker can determine the sessionid of another user's session,...

7.1CVSS0.00384EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/18 10:28 p.m.8 views

CVE-2026-30950 AutoGPT has Authenticated Session Hijacking via IDOR

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an authenticated attacker can determine the sessionid of another user's session,...

7.1CVSS5.9AI score0.00384EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/18 10:28 p.m.11 views

CVE-2026-30950

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an authenticated attacker can determine the sessionid of another user's session,...

7.1CVSS5.9AI score0.00384EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.10 views

AutoGPT 安全漏洞

AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. Versions 0.6.36 to 0.6.50 of AutoGPT contain security vulnerabilities. These vulnerabilities stem from the lack of verification of session ownership at the PATCH...

7.1CVSS5.8AI score0.00384EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 6:36 p.m.13 views

CVE-2021-47962

Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account settings page that allows authenticated attackers to inject malicious HTML and JavaScript code. Attackers can inject script payloads into user profile fields at the edituser endpoint, which execute in th...

6.4CVSS5.7AI score0.00243EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder