2213 matches found
EUVD-2026-26075
NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to privilege escalation, data tampering, information...
NVIDIA NVFlare Dashboard 安全漏洞
NVIDIA NVFlare Dashboard is a federal learning task management and monitoring interface developed by NVIDIA Corporation. The NVFlare Dashboard has security vulnerabilities, which stem from issues with user management and authentication systems. This allows unauthorized attackers to bypass...
CVE-2026-7091
A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may...
CVE-2026-7091 code-projects Invoice System in Laravel User Management user improper authorization
A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may...
EUVD-2026-25778
A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may...
CVE-2026-7091
A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may...
CVE-2026-7091 code-projects Invoice System in Laravel User Management user improper authorization
A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may...
CVE-2026-7091
The CVE concerns code-projects Invoice System in Laravel 1.0, specifically the /user file within the User Management Handler. The issue is described as improper authorization, enabling remote exploitation and with a published exploit. CVSS vectors indicate a Network attack vector with low complex...
PT-2026-35359
A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may...
Code-Projects Invoice System in Laravel 安全漏洞
Code-Projects Invoice System in Laravel is an open-source invoice system developed by Code-Projects. Version 1.0 of the Code-Projects Invoice System in Laravel contained a security vulnerability. This vulnerability stemmed from improper handling of the /user file in the User Management Handler...
CVE-2026-6911
Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the...
PT-2026-35027
Name of the Vulnerable Software and Affected Versions AWS Ops Wheel affected versions not specified Description Missing JWT signature verification allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application. This enables the ability to read,...
EUVD-2026-24323
Vulnerability in the Oracle User Management product of Oracle E-Business Suite component: Workflow and Business Events. Supported versions that are affected are 12.2.7-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User...
CVE-2026-22014
Vulnerability in the Oracle User Management product of Oracle E-Business Suite component: Workflow and Business Events. Supported versions that are affected are 12.2.7-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User...
CVE-2026-22014
Vulnerability in the Oracle User Management product of Oracle E-Business Suite component: Workflow and Business Events. Supported versions that are affected are 12.2.7-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User...
PT-2026-34082
Vulnerability in the Oracle User Management product of Oracle E-Business Suite component: Workflow and Business Events. Supported versions that are affected are 12.2.7-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User...
Oracle User Management 安全漏洞
Oracle User Management is a user management system developed by Oracle, a company in the United States. There are security vulnerabilities in versions 12.2.7 to 12.2.15 of Oracle User Management. These vulnerabilities stem from issues with the Workflow and Business Events component. They may allo...
CVE-2026-6592
A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/usermanager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclose...
PT-2026-33686
A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/user manager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclos...
CVE-2026-40350
Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can access the user-management endpoints /settings/users and use them to enumerate all users and create a new administrator account. This happens because the route...