Lucene search
+L

176 matches found

RedhatCVE
RedhatCVE
added 2026/04/02 5:4 a.m.3 views

CVE-2026-5251

A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user.js of the component User Update Endpoint. Such manipulation of the argument isAdmin with the input 1 leads to dynamically-determined object attributes. It is possible to launch...

6.5CVSS6.4AI score0.00242EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/01 3:31 a.m.9 views

EUVD-2026-17771

A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user.js of the component User Update Endpoint. Such manipulation of the argument isAdmin with the input 1 leads to dynamically-determined object attributes. It is possible to launch...

6.5CVSS6.4AI score0.00242EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/01 2:30 a.m.2 views

CVE-2026-5251

A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user.js of the component User Update Endpoint. Such manipulation of the argument isAdmin with the input 1 leads to dynamically-determined object attributes. It is possible to launch...

6.5CVSS6.4AI score0.00242EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/01 2:30 a.m.5 views

CVE-2026-5251 z-9527 admin User Update Endpoint user.js dynamically-determined object attributes

A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user.js of the component User Update Endpoint. Such manipulation of the argument isAdmin with the input 1 leads to dynamically-determined object attributes. It is possible to launch...

6.5CVSS6.4AI score0.00242EPSS
Exploits0References4
CVE
CVE
added 2026/04/01 2:30 a.m.13 views

CVE-2026-5251

The CVE-2026-5251 entry describes a vulnerability in z-9527 admin 1.0/2.0 affecting the User Update Endpoint. The issue occurs in the code path related to /server/routes/user.js where manipulating the isAdmin argument (e.g., input 1) causes dynamically determined object attributes, enabling remot...

6.5CVSS6.4AI score0.00242EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/01 2:30 a.m.37 views

CVE-2026-5251 z-9527 admin User Update Endpoint user.js dynamically-determined object attributes

A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user.js of the component User Update Endpoint. Such manipulation of the argument isAdmin with the input 1 leads to dynamically-determined object attributes. It is possible to launch...

6.5CVSS0.00242EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/03/25 12:25 a.m.6 views

SUSE CVE-2026-29195

Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler PUT /api/users/username lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to...

6.9CVSS5.8AI score0.0023EPSS
Exploits0References3
OSV
OSV
added 2026/03/11 4:0 p.m.6 views

GO-2026-4654 Netmaker has Privilege Escalation from Admin to Super-Admin via User Update in github.com/gravitl/netmaker

Netmaker has Privilege Escalation from Admin to Super-Admin via User Update in github.com/gravitl/netmaker...

6.9CVSS5.8AI score0.0023EPSS
Exploits0References3
OSV
OSV
added 2026/03/09 5:27 p.m.5 views

GHSA-CH3W-9456-38V3 Netmaker has Privilege Escalation from Admin to Super-Admin via User Update

The user update handler PUT /api/users/username lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to another user, it does not include an equivalent check for the...

6.9CVSS5.9AI score0.0023EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/09 5:27 p.m.12 views

Netmaker has Privilege Escalation from Admin to Super-Admin via User Update

The user update handler PUT /api/users/username lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to another user, it does not include an equivalent check for the...

6.9CVSS5.8AI score0.0023EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/09 8:2 a.m.5 views

CVE-2026-29195

Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler PUT /api/users/username lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to...

6.9CVSS5.8AI score0.0023EPSS
Exploits0References1
NVD
NVD
added 2026/03/08 8:15 p.m.7 views

CVE-2026-3764

A vulnerability was determined in SourceCodester Client Database Management System 1.0. The impacted element is an unknown function of the file /superadminuserupdate.php. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed...

7.5CVSS0.00364EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/08 7:32 p.m.5 views

CVE-2026-3764

A vulnerability was determined in SourceCodester Client Database Management System 1.0. The impacted element is an unknown function of the file /superadminuserupdate.php. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed...

7.5CVSS5.6AI score0.00364EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/03/08 12:0 a.m.7 views

SourceCodester Client Database Management System 授权问题漏洞

SourceCodester Client Database Management System is an open-source client database management system developed by SourceCodester. Version 1.0 of the SourceCodester Client Database Management System has a vulnerability related to authorization issues. This vulnerability stems from incorrect...

7.5CVSS7.1AI score0.00364EPSS
Exploits1References6
CVE
CVE
added 2026/03/07 4:14 p.m.17 views

CVE-2026-29195

This CVE concerns Netmaker (WireGuard-based) where, prior to v1.5.0, the PUT /api/users/{username} handler failed to validate attempts by an admin to assign super-admin during user updates. The result could allow an admin-user to elevate to super-admin, since the check to prevent super-admin assi...

6.9CVSS5.8AI score0.0023EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/07 4:14 p.m.33 views

CVE-2026-29195 Netmaker: Privilege Escalation from Admin to Super-Admin via User Update

Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler PUT /api/users/username lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to...

6.9CVSS0.0023EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/07 4:14 p.m.1 views

CVE-2026-29195 Netmaker: Privilege Escalation from Admin to Super-Admin via User Update

Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler PUT /api/users/username lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to...

6.9CVSS5.8AI score0.0023EPSS
Exploits0References2
OSV
OSV
added 2026/03/07 4:14 p.m.6 views

CVE-2026-29195 Netmaker: Privilege Escalation from Admin to Super-Admin via User Update

Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler PUT /api/users/username lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to...

6.9CVSS5.8AI score0.0023EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/07 12:0 a.m.10 views

PT-2026-23870

Name of the Vulnerable Software and Affected Versions Netmaker versions prior to 1.5.0 Description Netmaker, which utilizes WireGuard, has an issue where the user update handler does not properly validate role assignments. Specifically, an administrator-role user can assign the super-admin role t...

9.9CVSS5.8AI score0.22162EPSS
Exploits70References140
Cvelist
Cvelist
added 2026/03/06 3:32 a.m.35 views

CVE-2025-59544 Chamilo: Unauthorized access to update category of any user

Chamilo is a learning management system. Prior to version 1.11.34, the functionality for the user to update the category does not implement authorization checks for the "categoryid" parameter which allows users to update the category of any user by replacing the "categoryid" parameter. This issue...

6.9CVSS0.00167EPSS
Exploits0References2
Rows per page
Query Builder