4 matches found
Admidio: Event participation IDOR - non-leaders can register other users for events via user_uuid parameter
Register unwilling users for events potential harassment/spam - Cancel other users' event participation - Manipulate event participant counts and comments - If events have participation limits, fill slots with unwanted registrations...
CVE-2026-20888 Gitea Pull Requests Auto-Merge: Read-Only Users Can Cancel Scheduled Auto-Merge via Web Endpoint (Authorization Bypass)
Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface. A user with read access to pull requests may be able to cancel auto-merges scheduled by other users...
CVE-2024-2844
The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajaxcancelappointment function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users orders...
American Orange Building Star has a horizontal overstepping operation vulnerability
Shanghai Meicang Technology Information Development Co., Ltd. is an Internet application service provider based on cloud computing. There is a horizontal override operation vulnerability in the user center of Mei Orange Building Star's My Orders position, which can be exploited by an attacker to...