Lucene search
K

142 matches found

NVD
NVD
added 2026/03/16 2:17 p.m.7 views

CVE-2016-20035

Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoin...

6.9CVSS0.00156EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.12 views

PT-2026-25732

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser...

8.8CVSS5.8AI score0.00209EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2026/03/15 6:34 p.m.3 views

CVE-2016-20034 Wowza Streaming Engine 4.5.0 Privilege Escalation via user edit

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser...

8.8CVSS5.8AI score0.00209EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2026/03/15 6:34 p.m.3 views

CVE-2016-20035

Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoin...

5.7AI score0.00156EPSS
Exploits2References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/15 6:34 p.m.3 views

CVE-2016-20034

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser...

5.8AI score0.00209EPSS
Exploits2References3Affected Software1
CVE
CVE
added 2026/03/15 6:34 p.m.20 views

CVE-2016-20034

CVE-2016-20034 affects Wowza Streaming Engine 4.5.0. The vulnerability allows an authenticated read-only user to elevate privileges to administrator by manipulating POST parameters on the user edit endpoint, specifically setting accessLevel to 'admin' and advUser to 'true' and 'on'. The issue is ...

8.8CVSS5.8AI score0.00209EPSS
Exploits2References3Affected Software1
CVE
CVE
added 2026/03/15 6:34 p.m.10 views

CVE-2016-20035

Wowza Streaming Engine 4.5.0 is affected by a CSRF vulnerability via the user edit endpoint that lets an attacker craft pages to cause admin actions (e.g., creating admin accounts with arbitrary credentials). The issue arises from insufficient request validation, enabling an authenticated session...

6.9CVSS5.7AI score0.00156EPSS
Exploits2References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/15 6:34 p.m.4 views

CVE-2016-20035 Wowza Streaming Engine 4.5.0 CSRF via user edit endpoint

Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoin...

6.9CVSS5.7AI score0.00156EPSS
Exploits2References3
Cvelist
Cvelist
added 2026/03/15 6:34 p.m.36 views

CVE-2016-20035 Wowza Streaming Engine 4.5.0 CSRF via user edit endpoint

Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoin...

6.9CVSS0.00156EPSS
Exploits2References3
Cvelist
Cvelist
added 2026/03/15 6:34 p.m.34 views

CVE-2016-20034 Wowza Streaming Engine 4.5.0 Privilege Escalation via user edit

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser...

8.8CVSS0.00209EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.9 views

PT-2026-22613

Name of the Vulnerable Software and Affected Versions sourcecodester Personnel Property Equipment System version 1.0 Description The software is susceptible to SQL Injection through the /ppes/admin/edit tecnical user.php endpoint. The vulnerability allows for potential unauthorized access or...

9.8CVSS6AI score0.0047EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/02/18 1:12 p.m.3 views

CVE-2026-1437 Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface

Reflected Cross-Site Scripting XSS vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...

5.3CVSS6.1AI score0.00204EPSS
Exploits0References1
OSV
OSV
added 2026/02/05 12:16 p.m.4 views

CVE-2026-23797

In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password in user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7...

4.9CVSS5.8AI score0.00268EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/05 11:7 a.m.8 views

EUVD-2026-5551

In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password in user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7...

6.9CVSS5.4AI score0.00268EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/05 11:7 a.m.28 views

CVE-2026-23797 Plaintext password display in Quick.Cart

In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password in user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7...

6.9CVSS0.00245EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.17 views

PT-2026-6547

Name of the Vulnerable Software and Affected Versions Quick.Cart version 6.7 Quick.Cart affected versions not specified Description User passwords are stored in plaintext. An attacker with high privileges can view user passwords on the user editing page. The vendor was notified of this issue but...

6.9CVSS5.5AI score0.00268EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.7 views

PT-2026-5034

Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 7.0.4 Description OpenEMR is an electronic health records and medical practice management application. A broken access control exists in the Profile Edit endpoint. An authenticated user can modify request parameters...

8.8CVSS5.3AI score0.00333EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2025/12/01 2:16 p.m.5 views

CVE-2025-66385

UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges e.g., obtain a higher role such as admin via the user-edit endpoint by supplying or modifying roleid or organisationid fields in the edit request...

9.4CVSS7AI score0.00368EPSS
Exploits0References1
NVD
NVD
added 2025/11/28 7:15 a.m.6 views

CVE-2025-66385

UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges e.g., obtain a higher role such as admin via the user-edit endpoint by supplying or modifying roleid or organisationid fields in the edit request...

9.4CVSS0.00368EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/28 12:0 a.m.2 views

CVE-2025-66385

UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges e.g., obtain a higher role such as admin via the user-edit endpoint by supplying or modifying roleid or organisationid fields in the edit request...

9.4CVSS6.6AI score0.00368EPSS
Exploits0References3
Rows per page
Query Builder