2509 matches found
Advance Post Prefix WordPress plugin - Reflected XSS
Advance Post Prefix WordPress plugin through 1.1.1 contains a reflected cross-site scripting caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires crafted request. id: CVE-2024-12734 info: name: Advance...
Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation
Dynamicweb contains a vulnerability which allows an unauthenticated attacker to create a new administrative user. id: CVE-2022-25369 info: name: Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation author: pdteam severity: critical description: Dynamicweb contains a vulnerability which...
CVE-2026-48010
Summary: CVE-2026-48010 affects Shopware core prior to versions 6.6.10.18 and 6.7.10.1. The vulnerability arises when UserController::upsertUser() writes raw request data in SYSTEM_SCOPE without filtering the admin field, allowing a non-admin API user with user:create or user:update ACL to set ad...
CVE-2026-48010 Shopware: Privilege escalation: non-admin user with user:create ACL can create admin accounts
Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, UserController::upsertUser in src/Core/Framework/Api/Controller/UserController.php writes raw user data in SYSTEMSCOPE without filtering the admin field, so a non-admin API user with user:create or user:update ACL permission...
EUVD-2026-45237
Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, a non-admin API user with integration:create ACL privilege can escalate to full administrator by creating an integration with admin: true through the Sync API POST /api/action/sync; the regular integration endpoint POST...
CVE-2026-48008
Shopware vulnerability CVE-2026-48008 describes privilege escalation via the Sync API. A non-admin API user with integration:create can set admin: true when creating an integration through POST /api/_action/sync, bypassing the normal admin-check that blocks admin flag on POST /api/integration. Th...
CVE-2026-47084
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The LOCALDELETE command bypassed ACL checks. An authenticated but non-admin user could invoke the admin-only LOCALDELETE IMAP command and delete mailboxes for which they had no permissions...
CVE-2026-63087 Grafana OnCall 1.16.11 Unauthenticated Token Hijack via Plugin Install Endpoint
Grafana OnCall through 1.16.11 contains an unauthenticated access vulnerability that allows remote attackers to obtain a valid PluginAuthToken by sending a POST request to the internal plugin install endpoint using hardcoded default stackid and orgid values present in the public source tree...
CVE-2026-63087
Grafana OnCall 1.16.11 is affected by an unauthenticated token-hijack vulnerability via the internal plugin install endpoint. An attacker can POST to the endpoint using hardcoded default stack_id and org_id values to obtain a valid PluginAuthToken, which can be used to authenticate against intern...
CVE-2026-62355
TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, a Data Reader adminuser on a TDengine Cloud DB instance could run create udf even though standard users should have read-only permissions for non-database objects and show dnodes and crea...
CVE-2026-9738
The Print, PDF, Email by PrintFriendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'contentpositioncss' parameter in all versions up to, and including, 5.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2026-55460
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated non-admin user with users.view and users.edit but without users.delete can directly POST to /users/bulksave with deleteuser=1 because BulkUsersController::destroy authorizes only update, allowing the user to...
CVE-2026-55460
CVE-2026-55460 affects Snipe-IT (IT asset/license management system). Before version 8.6.2, an authenticated non-admin user who had rights users.view and users.edit but not users.delete could directly POST to /users/bulksave with delete_user=1 because BulkUsersController::destroy() authorized onl...
CVE-2026-59190
Grav plugin: grav-plugin-admin is affected. In versions ≤1.10.52, an authenticated user with admin.users permission can escalate privileges by altering another user’s password via POST to /admin/user/{username}?task=save with data[password]. The vulnerability stems from saveUser validating the ca...
PT-2026-57264
Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.6.2 Description An authenticated non-admin user possessing users.view and users.edit permissions, but lacking users.delete permissions, can perform a soft-delete of another non-admin user. This occurs because the...
CVE-2026-58144
Cotonti Siena 0.9.26 and earlier contains a stored cross-site scripting vulnerability that allows authenticated users with PFS access to inject arbitrary script payloads by supplying malicious HTML in the ntitle parameter processed through the TXT filter in pfs.main.php. Attackers can create a...
CVE-2026-54003
Summary of CVE-2026-54003 (Kirby CMS) : Affected Kirby installations with no configured user accounts, running behind a reverse proxy that sets Forwarded, X-Client-IP, or X-Real-IP headers could allow remote attackers to install the Panel and create the first admin user. This occurs on releases p...
CVE-2026-59225
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.12 before 0.10.0, an authenticated non-admin user with read access to an arena wrapper model can reach a restricted underlying model through task endpoints such as /api/v1/tasks/moa/completions. The...
CVE-2026-31981
A stored HTML injection vulnerability affects the Diagram tab and Graph view of Guardian/CMC (N2OS) prior to 26.2.0. An authenticated administrator can inject HTML into configuration data via multiple input vectors; when viewed by others, the HTML may render and enable phishing or open redirects....
CVE-2026-14209
Technical details (affected product/version, root cause, impact, fixes) are not publicly available in the provided Connected documents. Monitor for updates.