Lucene search
+L

5 matches found

NVD
NVD
added 2026/07/07 9:17 p.m.6 views

CVE-2026-50007

Actual is an open-source personal finance application. Prior to 26.7.0, a missing authorization issue allows a shared user with useraccess on a budget file to perform owner-only file management actions. A non-owner shared user can call file-management endpoints intended for higher-privilege users...

7.2CVSS0.00246EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/07 8:53 p.m.36 views

CVE-2026-50007 Actual: Shared users can perform owner-only file management actions

Actual is an open-source personal finance application. Prior to 26.7.0, a missing authorization issue allows a shared user with useraccess on a budget file to perform owner-only file management actions. A non-owner shared user can call file-management endpoints intended for higher-privilege users...

7.2CVSS0.00246EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.10 views

PT-2026-56243

Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.7.0 Description A missing authorization issue allows a shared user with user access on a budget file to perform file management actions reserved for the owner or an administrator. This occurs because the...

7.2CVSS6.1AI score0.00246EPSS
Exploits0References10
CNVD
CNVD
added 2025/12/25 12:0 a.m.8 views

Scholars Tracking System delete_user.php File SQL Injection Vulnerability

Scholars Tracking System is a scholars tracking system. Scholars Tracking System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in parameter ID in file /admin/deleteuser.php. An attacker can exploit this vulnerability to...

9.8CVSS7.2AI score0.00339EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/09/17 11:32 p.m.15 views

CVE-2025-10627 SourceCodester Online Exam Form Submission delete_user.php sql injection

A vulnerability has been found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /admin/deleteuser.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may ...

6.5CVSS0.00308EPSS
Exploits1References5
Rows per page
Query Builder