3629 matches found
Improper Privilege Management
Overview Affected versions of this package are vulnerable to Improper Privilege Management in PATCH /api/v3/core/users/pk/. An attacker can gain elevated privileges by assigning arbitrary groups, including those with administrator-equivalent permissions, to users they control or have access to,...
CVE-2026-40172
authentik is an open-source identity provider. In versions prior to 2025.12.5 and 2026.2.0-rc1 through 2026.2.2, the PATCH /api/v3/core/users/pk/ API allows a caller with changeuser on a target user to assign arbitrary groups through UserSerializer, including groups with issuperuser=True, without...
CVE-2025-32747
Dell PowerFlex Manager, versions =4.6.2, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...
CVE-2025-32747
Dell PowerFlex Manager, versions =4.6.2, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...
CVE-2025-32747
Dell PowerFlex Manager
PT-2026-42759
Dell PowerFlex Manager, versions =4.6.2, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...
CVE-2026-8350
Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulkuserassignment.php which can lead to privilege escalation to Administrative Group. Any authenticated user with access to the bulk user assignment dashboard page can add any user email to any group and can remove...
EUVD-2026-31343
Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulkuserassignment.php which can lead to privilege escalation to Administrative Group. Any authenticated user with access to the bulk user assignment dashboard page can add any user email to any group and can remove...
CVE-2026-8350
Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulkuserassignment.php which can lead to privilege escalation to Administrative Group. Any authenticated user with access to the bulk user assignment dashboard page can add any user email to any group and can remove...
CVE-2026-8350 Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulk_user_assignment.php which can lead to privilege escalation to Administrative Group
Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulkuserassignment.php which can lead to privilege escalation to Administrative Group. Any authenticated user with access to the bulk user assignment dashboard page can add any user email to any group and can remove...
CVE-2026-8350
Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulk_user_assignment.php, enabling privilege escalation to the Administrative Group. Any authenticated user with access to the bulk user assignment dashboard can add any user email to any group and can remove legitimate ad...
CVE-2026-8350 Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulk_user_assignment.php which can lead to privilege escalation to Administrative Group
Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulkuserassignment.php which can lead to privilege escalation to Administrative Group. Any authenticated user with access to the bulk user assignment dashboard page can add any user email to any group and can remove...
CVE-2026-48235
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracking service XML/JSON responses InstaMapper and Google Latitude integration are concatenated into...
Concrete CMS 安全漏洞
Concrete CMS is an open-source content management system designed for teams. Concrete CMS versions 9.5.0 and earlier have security vulnerabilities. These vulnerabilities stem from a lack of authorization in the bulkuserassignment.php file, which may lead to permissions being granted to...
PT-2026-42546
Name of the Vulnerable Software and Affected Versions Concrete CMS versions 9.5.0 and earlier Description Missing authorization in the 'bulk user assignment.php' endpoint allows an authenticated user with access to the bulk user assignment dashboard page to perform privilege escalation to the...
PT-2026-42513
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracking service XML/JSON responses InstaMapper and Google Latitude integration are concatenated into...
Flowise: Mass Assignment in PUT /api/v1/user Allows Authenticated Users to Override Password Hash and Bypass Password Change Verification
Summary A Mass Assignment vulnerability in the PUT /api/v1/user endpoint allows authenticated users to directly modify restricted user fields, including the credential password hash, bypassing the intended password change workflow. Because the endpoint forwards the entire request body to the...
GHSA-59FH-9F3P-7M39 Flowise: Mass Assignment in PUT /api/v1/user Allows Authenticated Users to Override Password Hash and Bypass Password Change Verification
Summary A Mass Assignment vulnerability in the PUT /api/v1/user endpoint allows authenticated users to directly modify restricted user fields, including the credential password hash, bypassing the intended password change workflow. Because the endpoint forwards the entire request body to the...
NPM: Flowise: Mass Assignment in PUT /api/v1/user Allows Authenticated Users to Override Password Hash and Bypass Password Change Verification
NPM: Flowise: Mass Assignment in PUT /api/v1/user Allows Authenticated Users to Override Password Hash and Bypass Password Change Verification vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...
wger: cross-tenant account deletion / deactivation / activation by gym.manage_gym + gym=None
Summary GHSA-mhc8-p3jx-84mm CVE-2026-43948 reported that wger's resetuserpassword and gympermissionsuseredit views in wger/gym/views/user.py performed a gym-scope authorization check using Django ORM object comparison if request.user.userprofile.gym != user.userprofile.gym which silently passes...