105 matches found
CVE-2026-38807
Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component...
PT-2026-44048
Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component...
CVE-2026-38807
Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component...
GHSA-9M6V-8FXC-4R44 Sulu: Used API Keys may be available via Admin API
Impact The users endpoint controller exposes a project's apiKey field to the logged-in user, provided they have permission for that endpoint. This only has impact if a project itself uses that specific field, Sulu itself does nothing with it and has no authentication per apiKey in its core. Patch...
CVE-2026-8127
A vulnerability has been found in eladmin up to 2.7. Impacted is the function checkLevel of the file /rest/UserController.java of the component Users API Endpoint. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit has been disclosed to the publi...
EUVD-2026-26805
A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users Endpoint. Such manipulation of the argument order leads to sql injection...
youlai-boot 注入漏洞
Youlai-Boot is a permission management system open source by Youlaiorg in China. Versions of Youlai-Boot 2.21.1 and earlier had a injection vulnerability. This vulnerability originated from the function getUserList in the Users Endpoint component’s file...
CVE-2026-7502
A security vulnerability has been detected in LinkStackOrg LinkStack up to 4.8.6. The affected element is the function saveLink of the file app/Http/Controllers/UserController.php of the component Management Endpoint. The manipulation leads to authorization bypass. The attack can be initiated...
LinkStack 跨站脚本漏洞
LinkStack is a unique platform developed by LinkStack OpenSource, offering efficient solutions for managing and sharing links online. Versions of LinkStack 4.8.6 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the operation of the editPage function in t...
PT-2026-36202
Name of the Vulnerable Software and Affected Versions LinkStackOrg LinkStack versions prior to 4.8.7 Description An authorization bypass exists in the Management Endpoint component. This issue occurs within the saveLink function located in the app/Http/Controllers/UserController.php file, allowin...
GHSA-R8RP-5F55-5J9X Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php
A Broken Object-Level Authorization BOLA in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily reset user passwords and perform a full account takeover via supplying a crafted HTTP request...
Authorization Bypass Through User-Controlled Key
Overview krayin/laravel-crm is a hand tailored CRM framework built on some of the hottest opensource technologies such as Laravel a PHP framework and Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in...
CVE-2026-4514
A flaw has been found in PbootCMS up to 3.2.12. Affected by this issue is some unknown functionality of the file apps/admin/controller/system/UserController.php of the component Backend. Executing a manipulation of the argument Field can lead to improper access controls. The attack may be perform...
EUVD-2026-14248
A flaw has been found in PbootCMS up to 3.2.12. Affected by this issue is some unknown functionality of the file apps/admin/controller/system/UserController.php of the component Backend. Executing a manipulation of the argument Field can lead to improper access controls. The attack may be perform...
CVE-2026-4514
A flaw has been found in PbootCMS up to 3.2.12. Affected by this issue is some unknown functionality of the file apps/admin/controller/system/UserController.php of the component Backend. Executing a manipulation of the argument Field can lead to improper access controls. The attack may be perform...
CVE-2026-4514 PbootCMS Backend UserController.php access control
A flaw has been found in PbootCMS up to 3.2.12. Affected by this issue is some unknown functionality of the file apps/admin/controller/system/UserController.php of the component Backend. Executing a manipulation of the argument Field can lead to improper access controls. The attack may be perform...
CVE-2026-4514
Affected software: PbootCMS up to 3.2.12. Vulnerable component: backend, specifically apps/admin/controller/system/UserController.php. Description indicates that manipulation of the Field argument can lead to improper access controls, with remote exploitation possible. Exploit has been published ...
PT-2026-26887
A flaw has been found in PbootCMS up to 3.2.12. Affected by this issue is some unknown functionality of the file apps/admin/controller/system/UserController.php of the component Backend. Executing a manipulation of the argument Field can lead to improper access controls. The attack may be perform...
CVE-2026-2972 a466350665 Smart-SSO Role Edit UserController.java save cross site scripting
A vulnerability was determined in a466350665 Smart-SSO up to 2.1.1. This affects the function Save of the file smart-sso-server/src/main/java/openjoe/smart/sso/server/controller/admin/UserController.java of the component Role Edit Page. Executing a manipulation can lead to cross site scripting. T...
CVE-2026-2972 a466350665 Smart-SSO Role Edit UserController.java save cross site scripting
A vulnerability was determined in a466350665 Smart-SSO up to 2.1.1. This affects the function Save of the file smart-sso-server/src/main/java/openjoe/smart/sso/server/controller/admin/UserController.java of the component Role Edit Page. Executing a manipulation can lead to cross site scripting. T...