Lucene search
K

859 matches found

OSV
OSV
added 2026/03/27 3:42 p.m.2 views

GHSA-F346-8RP3-4H9H TSPortal's Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service

Summary A flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. While validation correctly rejected invalid usernames, a side effect within a validation rule caused user records to be created regardless of whether the request succeeded...

6.5CVSS5.8AI score0.00293EPSS
Exploits1References4
Patchstack
Patchstack
added 2026/03/27 12:24 p.m.4 views

WordPress Amelia Booking Pro plugin <= 9.1.2 - Authenticated (Customer+) Insecure Direct Object Reference to Arbitrary User Password Change vulnerability

Authenticated Customer+ Insecure Direct Object Reference to Arbitrary User Password Change vulnerability discovered by Hunter Jensen skid in WordPress Plugin Amelia versions = 9.1.2...

8.8CVSS5.9AI score0.00382EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/03/26 9:17 p.m.5 views

CVE-2026-33541

TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 34, a flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. Whil...

6.5CVSS0.00293EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/26 8:27 p.m.23 views

CVE-2026-33541 TSPortal's Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service

TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 34, a flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. Whil...

6.5CVSS0.00293EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 8:27 p.m.3 views

CVE-2026-33541

TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 34, a flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. Whil...

6.5CVSS5.8AI score0.00293EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.9 views

TSPortal 安全漏洞

TSPortal is a team management platform developed by Miraheze. Previous versions of TSPortal had security vulnerabilities; these vulnerabilities stemmed from defects in the validation logic, allowing attackers to create arbitrary user records, leading to uncontrolled database growth and...

6.5CVSS5.9AI score0.00293EPSS
Exploits1References1
NVD
NVD
added 2026/03/23 10:16 p.m.8 views

CVE-2026-32300

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Versions 1.41...

8.1CVSS0.00305EPSS
Exploits0References4
OSV
OSV
added 2026/03/23 9:40 p.m.5 views

CVE-2026-32300 Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Versions 1.41...

8.1CVSS6AI score0.00305EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/23 9:40 p.m.23 views

CVE-2026-32300 Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Versions 1.41...

8.1CVSS0.00305EPSS
Exploits0References4
CVE
CVE
added 2026/03/23 9:40 p.m.13 views

CVE-2026-32300

This CVE entry relates to Connect CMS (My Page Profile Update) with an improper authorization flaw that can allow an authenticated attacker to modify arbitrary user information (including passwords). Affected versions are 1.x up to 1.41.0 and 2.x up to 2.41.0. The vulnerability enables takeover o...

8.1CVSS5.9AI score0.00305EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/23 8:39 p.m.6 views

Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information

Security Advisory — My Page Profile Update Improper Authorization Summary An improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Affected Versions - 1.x series: = 1.41.0 - 2.x series: = 2.41.0 Patched Versions - 1.41.1 - 2.41.1...

8.1CVSS5.9AI score0.00305EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/03/23 8:39 p.m.3 views

GHSA-QR6X-WVXR-8HM9 Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information

Security Advisory — My Page Profile Update Improper Authorization Summary An improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Affected Versions - 1.x series: = 1.41.0 - 2.x series: = 2.41.0 Patched Versions - 1.41.1 - 2.41.1...

8.1CVSS5.9AI score0.00305EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.13 views

OpenEMR 安全漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.2 contained security...

6.5CVSS5.9AI score0.00312EPSS
Exploits1References2
CVE
CVE
added 2026/03/13 3:8 a.m.17 views

CVE-2025-57849

CVE-2025-57849 describes a container privilege escalation in certain Fuse images caused by the /etc/passwd file being created with group-writable permissions during build time. In affected containers, a non-root user who can run commands could use root-group membership to modify /etc/passwd, enab...

6.4CVSS6AI score0.00208EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.11 views

PT-2026-25150

A container privilege escalation flaw was found in certain Fuse images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, ca...

6.4CVSS5.9AI score0.00208EPSS
Exploits0References2
OSV
OSV
added 2026/03/11 4:42 p.m.9 views

CVE-2026-31813 Supabase Auth has insecure Apple and Azure authentication with ID tokens

Supabase Auth is a JWT based API for managing users and issuing JWT tokens. Prior to 2.185.0, a vulnerability has been identified that allows an attacker to issue sessions for arbitrary users using specially crafted ID tokens when the Apple or Azure providers are enabled. The attacker issues a...

4.8CVSS5.8AI score0.00138EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/11 12:16 a.m.3 views

Authorization Bypass Through User-Controlled Key

Overview @withstudiocms/auth-kit is an Utilities for managing authentication Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the DELETE /studiocmsapi/dashboard/api-tokens endpoint. An attacker can revoke API tokens belonging to other users,...

7.1CVSS5.9AI score0.00452EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.6 views

PT-2026-24743

Supabase Auth is a JWT based API for managing users and issuing JWT tokens. Prior to 2.185.0, a vulnerability has been identified that allows an attacker to issue sessions for arbitrary users using specially crafted ID tokens when the Apple or Azure providers are enabled. The attacker issues a...

4.8CVSS5.9AI score0.00138EPSS
Exploits0References4
OSV
OSV
added 2026/03/05 7:16 p.m.4 views

CVE-2026-26417

A broken access control vulnerability in the password reset functionality of Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to reset passwords of arbitrary user accounts via crafted requests...

8.1CVSS5.9AI score0.00274EPSS
Exploits0References2
NVD
NVD
added 2026/03/03 12:15 a.m.13 views

CVE-2026-1566

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 5.2.7. This is due to the plugin allowing users with a LatePoint Agent role, who are creating new customers to se...

8.8CVSS0.003EPSS
Exploits0References2
Rows per page
Query Builder