Lucene search
K

95 matches found

CVE
CVE
added 2026/06/24 5:17 p.m.9 views

CVE-2026-55611

CVE-2026-55611 affects AnythingLLM. The vulnerability allows cross-tenant IDOR deletion of parsed-files via the endpoint POST /api/workspace/:slug/embed-parsed-file/:fileId. From 1.11.1 to 1.14.1, ownership-scoped access was added for parsed-files reads/deletes, but the delete path still removes ...

5.9AI score0.00236EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: configfs-tsm-report: Fixed the NULL dereference of tsmops. Unlike sysfs, the lifetime of configfs objects is controlled by userspace. There is no mechanism for the kernel to find and delete all created config-items. Instead, t...

5.5CVSS6.4AI score0.00146EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/18 2:25 p.m.7 views

Missing Authorization

Overview frigate is an A tool for autogenerating helm documentation. Affected versions of this package are vulnerable to Missing Authorization via the DELETE /api/users/admin endpoint. An attacker can remove privileged user accounts and disrupt service availability by sending crafted requests wit...

8.5CVSS5.9AI score0.00243EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/18 2:25 p.m.5 views

Frigte has broken access control viewer user can delete admin and other users account

Summary Users with the viewer role can delete admin and other users account. It this leads to denial of service and affects data integrity. Details Endpoint DELETE /api/users/admin is enable to anonymous user. PoC I deleted admin user on demo.frigate.video: Impact It this leads to denial of servi...

8.1CVSS5.8AI score0.00243EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/02/07 12:15 a.m.8 views

CVE-2020-37079

Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery CSRF vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft a malicious HTML page with a hidden form to submit a request that deletes the administrative user...

3.5CVSS5.7AI score0.0017EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/06 11:16 p.m.1 views

CVE-2020-37079 Wing FTP Server < 6.2.7 - Cross-site Request Forgery

Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery CSRF vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft a malicious HTML page with a hidden form to submit a request that deletes the administrative user...

5.1CVSS5.3AI score0.0017EPSS
Exploits1References4
CVE
CVE
added 2026/02/06 11:16 p.m.18 views

CVE-2020-37079

Wing FTP Server prior to version 6.2.7 is affected by a cross-site request forgery (CSRF) vulnerability in the web administration interface that allows an attacker to delete admin users by crafting a malicious HTML page with a hidden form that submits a request without proper authorization. The i...

5.1CVSS5.2AI score0.0017EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/02/06 11:14 p.m.10 views

CVE-2020-37147

CVE-2020-37147 affects ATutor 2.2.4, with an SQL injection in the admin_delete.php page via the id parameter. Authenticated attackers can manipulate queries in the admin user deletion flow, potentially extracting or modifying database information. Practical impact is consistent with a high-severi...

7.1CVSS5.8AI score0.00282EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/06 11:14 p.m.6 views

CVE-2020-37147

ATutor 2.2.4 contains a SQL injection vulnerability in the admin user deletion page that allows authenticated attackers to manipulate database queries through the 'id' parameter. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'id' parameter of the admindelete.php...

7.1CVSS5.8AI score0.00282EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/30 9:23 p.m.7 views

CVE-2026-1453

A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product...

9.8CVSS5.9AI score0.00495EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:45 a.m.9 views

CVE-2022-0313

The Float menu WordPress plugin before 4.3.1 does not have CSRF check in place when deleting menu, which could allow attackers to make a logged in admin delete them via a CSRF attack...

4.3CVSS6.7AI score0.00471EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:19 a.m.8 views

CVE-2024-2843

The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin users delete users via CSRF attacks...

6.5CVSS6.6AI score0.00253EPSS
Exploits1References1
NVD
NVD
added 2025/11/26 7:15 p.m.4 views

CVE-2025-65669

An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without any authorization or authentication checks, bypassing the expected admin-only deletion restriction...

9.1CVSS0.00428EPSS
Exploits1References2
EUVD
EUVD
added 2025/11/19 3:31 p.m.5 views

EUVD-2025-198156

The Axel Technology WOLF1MS and WOLF2MS devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and...

9.8CVSS6.6AI score0.0059EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/11/19 12:11 a.m.20 views

CVE-2025-63955

A Cross-Site Request Forgery CSRF vulnerability in the manage-students.php component of PHPGurukul Student Record System v3.2 allows an attacker to trick an authenticated administrator into submitting a forged request. This leads to the unauthorized deletion of user accounts, causing a Denial of...

7.5CVSS6.6AI score0.00204EPSS
Exploits2References1
EUVD
EUVD
added 2025/11/18 9:32 p.m.7 views

EUVD-2025-198075

A Cross-Site Request Forgery CSRF vulnerability in the manage-students.php component of PHPGurukul Student Record System v3.2 allows an attacker to trick an authenticated administrator into submitting a forged request. This leads to the unauthorized deletion of user accounts, causing a Denial of...

7.5CVSS6.1AI score0.00204EPSS
Exploits2References3
OSV
OSV
added 2025/11/18 7:15 p.m.6 views

CVE-2025-63955

A Cross-Site Request Forgery CSRF vulnerability in the manage-students.php component of PHPGurukul Student Record System v3.2 allows an attacker to trick an authenticated administrator into submitting a forged request. This leads to the unauthorized deletion of user accounts, causing a Denial of...

7.5CVSS5.7AI score0.00204EPSS
Exploits2References2
EUVD
EUVD
added 2025/11/18 1:26 p.m.5 views

EUVD-2025-198001

Windu CMS is vulnerable to Broken Access Control in user editing functionality. Malicious attacker can send a GET request which allows privileged users to delete Super Admins which is not possible with GUI. The vendor was notified early about this vulnerability, but didn't respond with the detail...

6.9CVSS6.3AI score0.00262EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/18 12:0 a.m.13 views

CVE-2025-63955

A Cross-Site Request Forgery CSRF vulnerability in the manage-students.php component of PHPGurukul Student Record System v3.2 allows an attacker to trick an authenticated administrator into submitting a forged request. This leads to the unauthorized deletion of user accounts, causing a Denial of...

0.00204EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.15 views

PT-2025-47385

Name of the Vulnerable Software and Affected Versions PHPGurukul Student Record System version 3.2 Description A Cross-Site Request Forgery CSRF issue exists in the manage-students.php component. An attacker can trick an authenticated administrator into submitting a forged request, leading to the...

7.5CVSS6.4AI score0.00204EPSS
Exploits2References4
Rows per page
Query Builder