Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.10 views

CVE-2026-33052

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "addprofilethreshold" permission to create a global profile despite not having manageglobalprofilethreshold, by tampering with the userid parameter in a...

5.3CVSS5.3AI score0.0034EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/19 12:29 a.m.9 views

CVE-2026-33052 MantisBT: Authorization Bypass in Global Profile Creation

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "addprofilethreshold" permission to create a global profile despite not having manageglobalprofilethreshold, by tampering with the userid parameter in a...

5.3CVSS5.7AI score0.0034EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/19 12:29 a.m.43 views

CVE-2026-33052 MantisBT: Authorization Bypass in Global Profile Creation

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "addprofilethreshold" permission to create a global profile despite not having manageglobalprofilethreshold, by tampering with the userid parameter in a...

5.3CVSS0.0034EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/11 5:58 p.m.11 views

MantisBT Has Authorization Bypass in Global Profile Creation

MantisBT allows a low-privileged authenticated user having addprofilethreshold to create a global profile despite not having manageglobalprofilethreshold, by tampering with the userid parameter in a valid profile creation request. Impact Authentication bypass Patches -...

5.3CVSS5.8AI score0.0034EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/02/11 12:0 a.m.13 views

CVE-2024-50619

CVE-2024-50619 affects CIPPlanner CIPAce prior to 9.17 in the My Account and User Management components. A low-privileged authenticated user can escalate privileges by tampering with the client’s user ID to access other accounts, and can elevate privileges by modifying information of a user role ...

8.8CVSS5.5AI score0.00232EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 10:18 a.m.9 views

CVE-2019-18642

Rock RMS version before 8.6 is vulnerable to account takeover by tampering with the user ID parameter in the profile update feature. The lack of validation and use of sequential user IDs allows any user to change account details of any other user. This vulnerability could be used to change the...

9.8CVSS7AI score0.0168EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-8361

Malware in sbrugna...

9.8CVSS9.2AI score0.0168EPSS
Exploits1References3
OSV
OSV
added 2025/02/18 6:15 p.m.6 views

CVE-2024-56883

Sage DPW before 202412001 is vulnerable to Incorrect Access Control. The implemented role-based access controls are not always enforced on the server side. Low-privileged Sage users with employee role privileges can create external courses for other employees, even though they do not have the...

8.1CVSS5.8AI score0.00672EPSS
Exploits1References1
OSV
OSV
added 2019/06/21 6:15 p.m.1 views

CVE-2019-10270

An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It is possible due to lack of verification and correlation between the reset password key sent by mail and the userid parameter to reset the password of another user. One only needs to know the...

8.8CVSS7.4AI score0.01238EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2019/06/21 12:0 a.m.5 views

PT-2019-11674 · WordPress · Ultimate Member

Name of the Vulnerable Software and Affected Versions: Ultimate Member plugin version 2.39 for WordPress Description: An issue was discovered in the password reset functionality, allowing an attacker to reset the password of another user without proper verification. This is possible because the...

8.8CVSS8.7AI score0.01238EPSS
Exploits1References3
Rows per page
Query Builder