Lucene search
K

52 matches found

Cvelist
Cvelist
added 21 hours ago9 views

CVE-2026-15622 poco-ai poco-claw Workspace API workspace.py get_workspace_file authorization

A flaw has been found in poco-ai poco-claw up to 0.5.4. Affected is the function getworkspacefile of the file executormanager/app/api/v1/workspace.py of the component Workspace API. Executing a manipulation of the argument userid can lead to authorization bypass. The attack may be launched...

6.9CVSS
Exploits0References8
EUVD
EUVD
added 21 hours ago5 views

EUVD-2026-43599

A flaw has been found in poco-ai poco-claw up to 0.5.4. Affected is the function getworkspacefile of the file executormanager/app/api/v1/workspace.py of the component Workspace API. Executing a manipulation of the argument userid can lead to authorization bypass. The attack may be launched...

6.9CVSS5.9AI score
Exploits0References8
NVD
NVD
added 2026/07/05 11:16 p.m.9 views

CVE-2026-14775

A vulnerability was identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected is an unknown function of the file /processlesson.php. Such manipulation of the argument userid leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly...

6.5CVSS0.00214EPSS
Exploits0References6
CVE
CVE
added 2026/07/05 10:45 p.m.15 views

CVE-2026-14775

The CVE concerns SourceCodester Onlne Examination & Learning Management System 1.0. Affected is an unknown function in the file /process_lesson.php where manipulation of the argument user_id leads to unrestricted upload. The attack can be launched remotely, and an exploit is publicly available. T...

6.5CVSS6.4AI score0.00214EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.10 views

PT-2026-55832

Name of the Vulnerable Software and Affected Versions SourceCodester Onlne Examination & Learning Management System version 1.0 Description An issue exists in the /process lesson.php file where manipulation of the user id variable allows for unrestricted file upload. This flaw can be exploited...

6.5CVSS6.5AI score0.00214EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.10 views

PT-2026-55733

Name of the Vulnerable Software and Affected Versions SourceCodester Simple and Nice Shopping Cart Script version 1.0 Description An issue exists in the /admin/mensproductdeletequery.php file where improper handling of the user id variable allows for SQL injection. This allows a remote attacker t...

7.5CVSS7.2AI score0.00412EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.12 views

CVE-2026-7709

A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generateauthtoken of the file cps/koboauth.py of the component Endpoint. Such manipulation of the argument userid leads to improper authorization. The attack may be launched remotely. The...

6.5CVSS6.2AI score0.00219EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.16 views

PT-2026-41522

A weakness has been identified in Sanluan PublicCMS 5.202506.d. This issue affects the function execute of the file publiccms-trade/src/main/java/com/publiccms/views/directive/trade/TradeAddressListDirective.java of the component Trade Address Query Handler. Executing a manipulation of the argume...

6.9CVSS5.8AI score0.00403EPSS
Exploits0References5
NVD
NVD
added 2026/05/03 11:16 p.m.12 views

CVE-2026-7709

A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generateauthtoken of the file cps/koboauth.py of the component Endpoint. Such manipulation of the argument userid leads to improper authorization. The attack may be launched remotely. The...

6.5CVSS0.00219EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/03 11:0 p.m.5 views

CVE-2026-7709

A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generateauthtoken of the file cps/koboauth.py of the component Endpoint. Such manipulation of the argument userid leads to improper authorization. The attack may be launched remotely. The...

6.5CVSS6.3AI score0.00219EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/03 11:0 p.m.5 views

CVE-2026-7709 janeczku Calibre-Web Endpoint kobo_auth.py generate_auth_token improper authorization

A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generateauthtoken of the file cps/koboauth.py of the component Endpoint. Such manipulation of the argument userid leads to improper authorization. The attack may be launched remotely. The...

6.5CVSS6.3AI score0.00219EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/19 11:15 p.m.32 views

CVE-2026-6584 TransformerOptimus SuperAGI User Update Endpoint user.py update_user authorization

A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function updateuser of the file superagi/controllers/user.py of the component User Update Endpoint. The manipulation of the argument userid results in authorization bypass. The attack may be...

5.5CVSS0.003EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/09 12:15 a.m.4 views

CVE-2026-5825

A vulnerability was detected in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /delmemberinfo.php. Performing a manipulation of the argument userid results in cross site scripting. The attack can be initiated remotely. The exploit is now public and ma...

5.3CVSS4.5AI score0.00357EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.3 views

PT-2026-29475

A vulnerability has been found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of the file /delstaffinfo.php of the component Parameter Handler. Such manipulation of the argument userid leads to sql injection. The attack can be executed remotely. The exploit...

7.5CVSS6.8AI score0.00333EPSS
Exploits1References6
NVD
NVD
added 2026/03/16 2:19 p.m.4 views

CVE-2026-4171

A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to...

6.5CVSS0.00275EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/09 7:54 p.m.4 views

CVE-2026-3761

A flaw has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /superadminuserdelete.php of the component Endpoint. Executing a manipulation of the argument userid can lead to improper authorization. The attack may be performe...

5.5CVSS5.5AI score0.00337EPSS
Exploits1References1
OSV
OSV
added 2026/03/08 7:16 p.m.7 views

CVE-2026-3761

A flaw has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /superadminuserdelete.php of the component Endpoint. Executing a manipulation of the argument userid can lead to improper authorization. The attack may be performe...

5.4CVSS5.4AI score
Exploits0References5
NVD
NVD
added 2026/03/08 7:16 p.m.10 views

CVE-2026-3761

A flaw has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /superadminuserdelete.php of the component Endpoint. Executing a manipulation of the argument userid can lead to improper authorization. The attack may be performe...

5.5CVSS0.00337EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/08 6:32 p.m.3 views

CVE-2026-3761 SourceCodester Client Database Management System Endpoint superadmin_user_delete.php improper authorization

A flaw has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /superadminuserdelete.php of the component Endpoint. Executing a manipulation of the argument userid can lead to improper authorization. The attack may be performe...

5.5CVSS5.5AI score0.00337EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/02/27 12:41 a.m.11 views

CVE-2026-3186

A vulnerability was determined in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this vulnerability is an unknown functionality of the file /api/admin/sys-user/reset/password/ of the component Password Reset Handler. This manipulation of the argument userId causes use of default...

6.5CVSS5.1AI score0.00222EPSS
Exploits1References1
Rows per page
Query Builder