CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20 matches found

CVE-2026-10868 MISP user edit endpoint mass assignment vulnerability allows unauthorized user account modification

A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit. When processing edit requests, the application accepted a user-controlled User.id value from request data. An authenticated attacker could cra...

9CVSS

Exploits0References1

Vulnrichment•added 2026/03/31 9:18 p.m.•0 views

CVE-2026-34406 APTRS: Privilege Escalation via Mass Assignment of is_superuser in User Edit Endpoint

APTRS Automated Penetration Testing Reporting System is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. Prior to version 2.0.1, the edituser endpoint POST /api/auth/edituser/ allows Any user who can reach that endpoint and submit...

9.4CVSS5.8AI score0.00409EPSS

Exploits1References3

OSV•added 2026/03/31 9:18 p.m.•0 views

CVE-2026-34406 APTRS: Privilege Escalation via Mass Assignment of is_superuser in User Edit Endpoint

9.4CVSS5.8AI score0.00409EPSS

Exploits1References5

EUVD•added 2026/03/16 3:30 p.m.•4 views

EUVD-2016-10825

Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoin...

6.9CVSS5.7AI score0.00059EPSS

Exploits2References4

NVD•added 2026/03/16 2:17 p.m.•1 views

CVE-2016-20035

6.9CVSS0.00059EPSS

Exploits2References3

NVD•added 2026/03/16 2:17 p.m.•1 views

CVE-2016-20034

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser...

8.8CVSS0.0004EPSS

Exploits2References3

Positive Technologies•added 2026/03/16 12:0 a.m.•3 views

PT-2026-25732

8.8CVSS5.8AI score0.0004EPSS

Exploits2References4

Vulnrichment•added 2026/03/15 6:34 p.m.•2 views

CVE-2016-20034 Wowza Streaming Engine 4.5.0 Privilege Escalation via user edit

8.8CVSS5.8AI score0.0004EPSS

Exploits2References3

CVE•added 2026/03/15 6:34 p.m.•4 views

CVE-2016-20035

Wowza Streaming Engine 4.5.0 is affected by a CSRF vulnerability via the user edit endpoint that lets an attacker craft pages to cause admin actions (e.g., creating admin accounts with arbitrary credentials). The issue arises from insufficient request validation, enabling an authenticated session...

6.9CVSS5.7AI score0.00059EPSS

Exploits2References3Affected Software1

Cvelist•added 2026/03/15 6:34 p.m.•18 views

CVE-2016-20035 Wowza Streaming Engine 4.5.0 CSRF via user edit endpoint

6.9CVSS0.00059EPSS

Exploits2References3

Vulnrichment•added 2026/03/15 6:34 p.m.•1 views

CVE-2016-20035 Wowza Streaming Engine 4.5.0 CSRF via user edit endpoint

6.9CVSS5.7AI score0.00059EPSS

Exploits2References3

ATTACKERKB•added 2026/03/15 6:34 p.m.•2 views

CVE-2016-20035

5.7AI score0.00059EPSS

Exploits2References3Affected Software1

CVE•added 2026/03/15 6:34 p.m.•9 views

CVE-2016-20034

CVE-2016-20034 affects Wowza Streaming Engine 4.5.0. The vulnerability allows an authenticated read-only user to elevate privileges to administrator by manipulating POST parameters on the user edit endpoint, specifically setting accessLevel to 'admin' and advUser to 'true' and 'on'. The issue is ...

8.8CVSS5.8AI score0.0004EPSS

Exploits2References3Affected Software1

ATTACKERKB•added 2026/03/15 6:34 p.m.•0 views

CVE-2016-20034

5.8AI score0.0004EPSS

Exploits2References3Affected Software1

Vulnrichment•added 2026/02/18 1:12 p.m.•1 views

CVE-2026-1437 Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface

Reflected Cross-Site Scripting XSS vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...

5.3CVSS6.1AI score0.00058EPSS

Exploits0References1

OSV•added 2025/11/28 7:15 a.m.•1 views

CVE-2025-66385

UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges e.g., obtain a higher role such as admin via the user-edit endpoint by supplying or modifying roleid or organisationid fields in the edit request...

9.4CVSS6.9AI score

Exploits0References3

NVD•added 2025/11/28 7:15 a.m.•2 views

CVE-2025-66385

9.4CVSS0.00052EPSS

Exploits0References3

Vulnrichment•added 2025/11/28 12:0 a.m.•2 views

CVE-2025-66385

9.4CVSS6.6AI score0.00052EPSS

Exploits0References3

CNNVD•added 2025/05/05 12:0 a.m.•1 views

Hope-Boot 安全漏洞

Hope-Boot is a modern scaffolding project by the individual developer java-aodeng. A security vulnerability exists in Hope-Boot v1.0.0, which stems from improper access control in the component /user/edit/ and could lead to bypassing authentication...

9.8CVSS6.6AI score0.00299EPSS

Exploits1References1

Positive Technologies•added 2022/11/30 12:0 a.m.•1 views

PT-2022-26352 · Unknown · Sourcecodester Book Store Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Book Store Management System version 1.0 Description: A problematic vulnerability has been found in the SourceCodester Book Store Management System. This issue affects an unknown part of the file /bsms ci/index.php/user/edit...

7.5CVSS5.4AI score0.00432EPSS

Exploits1References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by