
11 matches found

Github Security Blog
added 2026/05/15 9:31 p.m. | 6 views

Duplicate Advisory: phpMyFAQ: Missing Authorization on Tag Deletion Allows Any Authenticated User to Delete Tags

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-7cx3-2qx2-3g6w. This link is maintained to preserve external references. Original Description: phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/tagId...

CVSS 5.4 | AI score 5.5 | EPSS 0.0004
Exploits: 0 | References: 4 | Affected Software: 2
NVD
added 2026/05/15 7:17 p.m. | 9 views

CVE-2026-46365

phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/tagId endpoint that allows any authenticated user to delete tags. Any logged-in user, including regular frontend users, can delete arbitrary tags by sending a DELETE request with a valid...

CVSS 5.4 | EPSS 0.0004
Exploits: 0 | References: 2
EUVD
added 2026/05/15 6:36 p.m. | 6 views

EUVD-2026-30600

phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/tagId endpoint that allows any authenticated user to delete tags. Any logged-in user, including regular frontend users, can delete arbitrary tags by sending a DELETE request with a valid...

CVSS 5.4 | AI score 5.9 | EPSS 0.0004
Exploits: 0 | References: 2
ATTACKERKB
added 2026/05/15 6:36 p.m. | 4 views

CVE-2026-46365

phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/tagId endpoint that allows any authenticated user to delete tags. Any logged-in user, including regular frontend users, can delete arbitrary tags by sending a DELETE request with a valid...

CVSS 5.4 | AI score 5.9 | EPSS 0.0004
Exploits: 0 | References: 3
Cvelist
added 2026/05/15 6:36 p.m. | 28 views

CVE-2026-46365 phpMyFAQ - Missing Authorization in Tag Deletion Endpoint

phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/tagId endpoint that allows any authenticated user to delete tags. Any logged-in user, including regular frontend users, can delete arbitrary tags by sending a DELETE request with a valid...

CVSS 5.4 | EPSS 0.0004
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/15 12:00 a.m. | 10 views

PT-2026-41367

phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/tagId endpoint that allows any authenticated user to delete tags. Any logged-in user, including regular frontend users, can delete arbitrary tags by sending a DELETE request with a valid...

CVSS 5.4 | AI score 5.9 | EPSS 0.0004
Exploits: 0 | References: 3
EUVD
added 2025/11/07 6:30 p.m. | 2 views

EUVD-2025-38272

A Broken Object Level Authorization (BOLA) vulnerability was discovered in the tRPC project mutation APIs (update, delete, add/remove tag) of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...

AI score 6.2 | EPSS 0.00095
Exploits: 1 | References: 3
OSV
added 2023/07/26 2:15 p.m. | 3 views

CVE-2023-39156

A cross-site request forgery (CSRF) vulnerability in Jenkins Bazaar Plugin 1.22 and earlier allows attackers to delete previously created Bazaar SCM tags...

CVSS 5.3 | AI score 5.7
Exploits: 0 | References: 2
CNNVD
added 2022/11/23 12:00 a.m. | 1 views

XWiki Platform Cross-Site Request Forgery Vulnerability

XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from XWiki France. XWiki Platform suffers from a cross-site request forgery vulnerability that stems from susceptibility to cross-site request forgery (CSRF) attacks. An attacker could exploit the vulnerability ...

CVSS 7.4 | AI score 7.1 | EPSS 0.00864
Exploits: 0 | References: 3
Hacker One
added 2019/07/10 4:32 a.m. | 13 views

New Relic: Restricted user can add and delete tags of APM key transactions

Description: Within APM after you set up a connection, there is the ability for you to mark a "key transaction" which will then populate data on the Key Transactions page in APM. On this page, there is the ability for an admin to hover over the tag icon and add a tag to the name of the key...

AI score 0.5
Exploits: 0
CNVD
added 2018/11/26 12:00 a.m. | 0 views

Interspire Email Marketer SQL Injection Vulnerability (CNVD-2018-26787)

BigCommerce Interspire Email Marketer (IEM) is a suite of email marketing software from BigCommerce, USA. A SQL injection vulnerability exists in the 'delete tags' function of the Dynamiccontenttags.php file in BigCommerce IEM 6.1.6 and earlier versions. A remote attacker can exploit this...

CVSS 8.8 | AI score 9.1 | EPSS 0.00244
Exploits: 0 | References: 1