434 matches found
CVE-2026-9376
A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Executing a manipulation of the argument id/userId can lead to improper authorization. The attack may be...
phpMyFAQ: IDOR Account Takeover
Summary An Insecure Direct Object Reference IDOR vulnerability in phpMyFAQ's Admin API allows any authenticated administrator to change the password of any user account, including SuperAdmin accounts userId=1, without authorization verification. An attacker with a low-privilege admin account can...
Missing Authorization
Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Missing Authorization in the overwritePassword process. An attacker can gain unauthorized access to higher-privileged accounts, including full...
Missing Authorization
Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Missing Authorization in the overwritePassword process. An attacker can gain unauthorized access to higher-privileged accounts, including full...
Astra Linux – Vulnerability in sudo
In Sudo version 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a non-existent user by executing sudo with a numerical UID that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability, as executing a command via sudo a...
CVE-2026-37978 Keycloak: org.keycloak.services: keycloak: information disclosure via evaluate-scopes admin api
A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID userId parameter. This vulnerability allows for cross-role personally identifiable information PII leakage,...
CVE-2026-33052
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "addprofilethreshold" permission to create a global profile despite not having manageglobalprofilethreshold, by tampering with the userid parameter in a...
CVE-2026-44550
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, FolderForm uses modelconfig = ConfigDictextra='allow', which permits arbitrary fields to pass through Pydantic validation and be included in modeldumpexcludeunset=True. In...
CVE-2021-47966
PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the loginuserid parameter of login.php that allows unauthenticated attackers to extract database contents. Attackers can submit crafted POST requests with SQL payloads using SLEEP functions or RLIKE...
CVE-2026-31241
The CVE-2026-31241 entry concerns the mem0 1.0.0 server, where the DELETE /memories endpoint fails to enforce authentication/authorization. This allows unauthenticated attackers to delete memory records by supplying arbitrary identifiers (e.g., user_id, run_id, agent_id) via query parameters, pot...
CVE-2026-43881
Technical details about CVE-2026-43881 are not provided in the connected documents. The Initial Description summarizes the vulnerability, but no vendor/product/version specifics or remediation are included here. Monitor for updated advisories and fixes.
EUVD-2026-28904
auth provides authentication via oauth2, direct and email. From versions 1.18.0 to before 1.25.2 and 2.0.0 to before 2.1.2, the Patreon OAuth provider maps every authenticated Patreon account to the same local user.ID, instead of deriving a unique ID from the Patreon account returned by Patreon. ...
CVE-2026-42560 auth: Patreon provider assigns the same local user ID to every authenticated Patreon account, enabling cross‑user impersonation
auth provides authentication via oauth2, direct and email. From versions 1.18.0 to before 1.25.2 and 2.0.0 to before 2.1.2, the Patreon OAuth provider maps every authenticated Patreon account to the same local user.ID, instead of deriving a unique ID from the Patreon account returned by Patreon. ...
GHSA-HR43-RJMR-7WMM Open WebUI's Mass Assignment via Pydantic extra='allow' Allows Creating Folders in Other Users' Accounts
Mass Assignment via Pydantic extra='allow' Allows Creating Folders in Other Users' Accounts Affected Component Folder creation endpoint and form model: - backend/openwebui/models/folders.py lines 72-77, FolderForm with extra='allow' - backend/openwebui/models/folders.py lines 95-106,...
PT-2026-39254
Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The UDR nudr-dr handler in free5GC contains an issue where a single authenticated request can cause a panic. This occurs when a request is made to the endpoint "DELETE...
Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution
Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software has been exploited in the wild. The vulnerability, tracked as CVE-2026-0300 , has been described as a case of unauthenticated remote code execution. It carries a CVSS score of...
Flowise 授权问题漏洞
Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise 3.0.12 and earlier contained an authorization vulnerability. This vulnerability stemmed from issues with the operations of the parameter userId/organizationId/workspaceId/emai...
Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability
Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal aka Captive Portal service that can allow an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted...
GHSA-FG3J-5W9G-HMG7 authd: Primary group ID is incorrectly set to value of UID
authd 0.6.0 contains a bug which can lead to an incorrect primary group ID. It affects users whose primary group ID i.e. the GID in the user record differs from their UID. There are two ways which can lead to this: 1. The user was created with authd &2 continue fi if "$OLDGID"...
AVideo: Unauthenticated User Enumeration in objects/users.json.php via isCompany Parameter Allows Bypass of the Admin-Only Listing Restriction
Summary objects/users.json.php exposes two unauthenticated paths that disclose the full set of registered user accounts. The isCompany request parameter causes the handler to set $ignoreAdmin = true for any non-admin caller including unauthenticated visitors, which defeats the admin-only guard...