CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 6 days ago•9 views

CVE-2018-25397

PHP-SHOP 1.0 is affected by a cross-site request forgery in the users.php endpoint. An unauthenticated attacker can craft a page with a hidden form that automatically POSTs parameters (name, email, password, permissions) to create an admin account, by convincing an authenticated administrator to ...

6.9CVSS5.7AI score0.00016EPSS

Vulnrichment•added 2026/05/26 7:29 p.m.•4 views

CVE-2026-44832 Snipe-IT: Privilege Escalation via API Permissions Assignment

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/id with permissionsadmin=1. The API controller only strips the superuser key from the...

7.1CVSS5.8AI score0.00014EPSS

Exploits0References2

OSV•added 2026/05/18 5:42 p.m.•7 views

GHSA-C54J-XP92-WH28 Budibase: Builder-to-Admin Privilege Escalation via onboardUsers Endpoint Without SMTP Configuration

Summary The POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configured the default for self-hosted Budibase instances, this endpoint bypasses the admin-restricted invite flo...

8.8CVSS6AI score0.00036EPSS

Github Security Blog•added 2026/05/18 5:34 p.m.•10 views

Sulu: Used API Keys may be available via Admin API

Impact The users endpoint controller exposes a project's apiKey field to the logged-in user, provided they have permission for that endpoint. This only has impact if a project itself uses that specific field, Sulu itself does nothing with it and has no authentication per apiKey in its core. Patch...

5.8AI score

Exploits0References4Affected Software1

OSV•added 2026/05/18 5:34 p.m.•2 views

GHSA-9M6V-8FXC-4R44 Sulu: Used API Keys may be available via Admin API

2.3CVSS5.8AI score

RedhatCVE•added 2026/05/16 1:56 a.m.•8 views

CVE-2026-45248

Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1/demo/registered-users endpoint that allows unauthenticated attackers to retrieve sensitive user information. Attackers can access the endpoint without providing authentication credentials to obtain...

EUVD•added 2026/05/15 12:30 a.m.•8 views

Exploits0References1

EUVD-2026-30494

NVD•added 2026/05/14 10:16 p.m.•4 views

CVE-2026-45248

6.9CVSS0.00025EPSS

Exploits0References2

Cvelist•added 2026/05/14 9:36 p.m.•25 views

CVE-2026-45248 Hedera Guardian Authentication Bypass Information Disclosure

6.9CVSS0.00025EPSS

Exploits0References2

CVE•added 2026/05/14 9:36 p.m.•8 views

CVE-2026-45248

Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in GET /api/v1/demo/registered-users that allows unauthenticated attackers to retrieve usernames, Hedera DIDs, parent registry DIDs, system roles, and policy role assignments for all registered users. Exploitation detai...

Exploits0References2Affected Software1

ATTACKERKB•added 2026/05/14 9:36 p.m.•4 views

CVE-2026-45248

CNNVD•added 2026/05/14 12:0 a.m.•4 views

Guardian 访问控制错误漏洞

Guardian is a policy-based digital asset management and verification platform developed by Hedera. Versions of Guardian 3.5.1 and earlier contained an access control vulnerability. This vulnerability stemmed from a authentication bypass in the GET /api/v1/demo/registered-users endpoint, which cou...

Positive Technologies•added 2026/05/14 12:0 a.m.•7 views

Exploits0References1

PT-2026-41130

Name of the Vulnerable Software and Affected Versions Hedera Guardian versions prior to 3.5.2 Description An authentication bypass exists in the 'GET /api/v1/demo/registered-users' endpoint. This allows unauthenticated attackers to retrieve sensitive user information, including usernames, Hedera...

NVD•added 2026/05/09 8:16 p.m.•7 views

Exploits0References6

CVE-2026-42562

Plainpad is a self hosted note taking app. Prior to version 1.1.1, Plainpad allows a low-privilege authenticated user to self-escalate to administrator by submitting admin=true in PUT /api.php/v1/users/id. The endpoint directly persists the admin attribute from user input, and the escalated accou...

8.3CVSS0.00042EPSS

EUVD•added 2026/05/08 2:0 a.m.•5 views

EUVD-2026-28487

A vulnerability has been found in eladmin up to 2.7. Impacted is the function checkLevel of the file /rest/UserController.java of the component Users API Endpoint. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit has been disclosed to the publi...

6.5CVSS5.4AI score0.00038EPSS

CVE•added 2026/05/08 2:0 a.m.•8 views

CVE-2026-8127

The CVE covers eladmin up to version 2.7, where the checkLevel function in /rest/UserController.java (Users API Endpoint) is susceptible. The issue allows remote manipulation that leads to improper access controls. Exploitation is possible remotely and has been disclosed publicly; the CVSS metric...

6.5CVSS6.1AI score0.00038EPSS

EUVD•added 2026/05/03 12:0 a.m.•7 views

EUVD-2026-26805

A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users Endpoint. Such manipulation of the argument order leads to sql injection...

6.5CVSS5.6AI score0.0001EPSS