Lucene search
+L

36 matches found

CVE
CVE
added 2026/04/19 11:15 p.m.15 views

CVE-2026-6584

The CVE concerns TransformerOptimus SuperAGI (up to 0.0.14). The vulnerability is in the update_user function in superagi/controllers/user.py, where manipulating the user_id parameter leads to an authorization bypass. Impact is reported as a remote attack with publicly available exploit. Supporte...

5.5CVSS5.5AI score0.003EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/02 5:4 a.m.3 views

CVE-2026-5251

A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user.js of the component User Update Endpoint. Such manipulation of the argument isAdmin with the input 1 leads to dynamically-determined object attributes. It is possible to launch...

6.5CVSS6.4AI score0.00242EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/01 3:31 a.m.9 views

EUVD-2026-17771

A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user.js of the component User Update Endpoint. Such manipulation of the argument isAdmin with the input 1 leads to dynamically-determined object attributes. It is possible to launch...

6.5CVSS6.4AI score0.00242EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/01 2:30 a.m.2 views

CVE-2026-5251

A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user.js of the component User Update Endpoint. Such manipulation of the argument isAdmin with the input 1 leads to dynamically-determined object attributes. It is possible to launch...

6.5CVSS6.4AI score0.00242EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/01 2:30 a.m.5 views

CVE-2026-5251 z-9527 admin User Update Endpoint user.js dynamically-determined object attributes

A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user.js of the component User Update Endpoint. Such manipulation of the argument isAdmin with the input 1 leads to dynamically-determined object attributes. It is possible to launch...

6.5CVSS6.4AI score0.00242EPSS
Exploits0References4
CVE
CVE
added 2026/04/01 2:30 a.m.13 views

CVE-2026-5251

The CVE-2026-5251 entry describes a vulnerability in z-9527 admin 1.0/2.0 affecting the User Update Endpoint. The issue occurs in the code path related to /server/routes/user.js where manipulating the isAdmin argument (e.g., input 1) causes dynamically determined object attributes, enabling remot...

6.5CVSS6.4AI score0.00242EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/01 2:30 a.m.37 views

CVE-2026-5251 z-9527 admin User Update Endpoint user.js dynamically-determined object attributes

A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user.js of the component User Update Endpoint. Such manipulation of the argument isAdmin with the input 1 leads to dynamically-determined object attributes. It is possible to launch...

6.5CVSS0.00242EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/03/25 12:25 a.m.6 views

SUSE CVE-2026-29195

Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler PUT /api/users/username lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to...

6.9CVSS5.8AI score0.0023EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/09 5:27 p.m.12 views

Netmaker has Privilege Escalation from Admin to Super-Admin via User Update

The user update handler PUT /api/users/username lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to another user, it does not include an equivalent check for the...

6.9CVSS5.8AI score0.0023EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/07 4:14 p.m.1 views

CVE-2026-29195 Netmaker: Privilege Escalation from Admin to Super-Admin via User Update

Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler PUT /api/users/username lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to...

6.9CVSS5.8AI score0.0023EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.26 views

PT-2026-42539

Name of the Vulnerable Software and Affected Versions LiteLLM versions prior to 1.83.10 Description An issue exists where the '/user/update' endpoint does not restrict which fields a user can modify when updating their own account. This allows a user to change their user role to proxy admin,...

9CVSS5.3AI score0.00653EPSS
Exploits2References28
EUVD
EUVD
added 2026/01/28 5:35 p.m.9 views

EUVD-2020-30881

M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standa...

8.8CVSS5.9AI score0.00419EPSS
Exploits1References3
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.4 views

Astra Linux – Vulnerability in Zabbix

A authenticated user with API access e.g., a user with the default User role can be added to any group e.g., Zabbix Administrators. Specifically, a user with access to the user.update API endpoint can be added to any group, except for groups that are disabled or have restricted GUI access...

8.8CVSS7.2AI score0.0073EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2024/11/27 7:15 a.m.5 views

CVE-2024-36467

An authenticated user with API access e.g.: user with default User role, more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group e.g.: Zabbix Administrators, except to groups that are disabled or having restricted GUI access...

8.8CVSS7AI score0.0073EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/12/29 12:0 a.m.6 views

PT-2023-32917 · Unknown · Novel-Plus

Name of the Vulnerable Software and Affected Versions: Novel-Plus versions up to 4.2.0 Description: A problematic vulnerability has been found in Novel-Plus, affecting an unknown part of the file /user/updateUserInfo of the component HTTP POST Request Handler. The manipulation of the nickName...

5.4CVSS4.4AI score0.00545EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2020/01/01 12:0 a.m.7 views

PT-2026-5160

Name of the Vulnerable Software and Affected Versions M/Monit version 3.7.4 Description An authenticated user can escalate privileges by manipulating the admin parameter. An attacker can send a crafted POST request to the /api/1/admin/users/update endpoint to grant administrative access to a...

8.8CVSS5.5AI score0.00419EPSS
Exploits1References11
Rows per page
Query Builder