Lucene search
K

4 matches found

GitLab Advisory Database
GitLab Advisory Database
added 2026/03/09 12:0 a.m.12 views

Admidio: Event participation IDOR - non-leaders can register other users for events via user_uuid parameter

Register unwilling users for events potential harassment/spam - Cancel other users' event participation - Manipulate event participant counts and comments - If events have participation limits, fill slots with unwanted registrations...

5.4CVSS5.8AI score0.00253EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/01/22 10:1 p.m.4 views

CVE-2026-20888 Gitea Pull Requests Auto-Merge: Read-Only Users Can Cancel Scheduled Auto-Merge via Web Endpoint (Authorization Bypass)

Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface. A user with read access to pull requests may be able to cancel auto-merges scheduled by other users...

4.3CVSS5.9AI score0.00303EPSS
Exploits0References7
OSV
OSV
added 2024/03/29 6:15 a.m.5 views

CVE-2024-2844

The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajaxcancelappointment function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users orders...

4.3CVSS5.8AI score0.00435EPSS
Exploits0References3
CNVD
CNVD
added 2019/04/22 12:0 a.m.1 views

American Orange Building Star has a horizontal overstepping operation vulnerability

Shanghai Meicang Technology Information Development Co., Ltd. is an Internet application service provider based on cloud computing. There is a horizontal override operation vulnerability in the user center of Mei Orange Building Star's My Orders position, which can be exploited by an attacker to...

6.8AI score
Exploits0
Rows per page
Query Builder