4 matches found
PT-2026-51622
Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description A repository admin collaborator can escalate their privileges to owner-level access due to an off-by-one error in the ChangeCollaborationAccessMode function. This occurs because the validation...
NetBird has Race Condition on UpdateUser Function, Resulting in Privilege Escalation From Admin to Owner
Summary A race condition vulnerability allows authenticated admin-privileged users to escalate to owner privilege. Details The vulnerability exists in the updateUser function, which is connected to the /users/userId PUT request. This function then calls the SaveOrAddUsers function, which checks t...
GHSA-RXMP-8H9V-56CX NetBird has Race Condition on UpdateUser Function, Resulting in Privilege Escalation From Admin to Owner
Summary A race condition vulnerability allows authenticated admin-privileged users to escalate to owner privilege. Details The vulnerability exists in the updateUser function, which is connected to the /users/userId PUT request. This function then calls the SaveOrAddUsers function, which checks t...
CVE-2026-32103 StudioCMS: IDOR — Admin-to-Owner Account Takeover via Password Reset Link Generation
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the POST /studiocmsapi/dashboard/create-reset-link endpoint allows any authenticated user with admin privileges to generate a password reset token for any other user, including the owner account...