42 matches found
CVE-2026-35610 PolarLearn has a Server Action Admin Bypass in Account Management Actions
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-14 and earlier, setCustomPassword(userId, password) and deleteUser(userId) in the account-management module used an inverted admin check. Because of the inverted condition, authenticated non-admin users were allowed to execute bot...
CVE-2026-2076 yeqifu warehouse User Management Endpoint UserController.java deleteUser improper authorization
A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\UserController.java of the component User...
PT-2026-6882
Name of the Vulnerable Software and Affected Versions: yeqifu warehouse versions prior to aaf29962ba407d22d991781de28796ee7b4670e4 Description: A weakness exists due to improper authorization within the User Management Endpoint component. The issue is related to the addUser, updateUser, and...
EUVD-2020-15801
Malware in sbrugna...
EUVD-2025-27977
Malicious code in bioql PyPI...
EUVD-2023-34026
Malicious code in bioql PyPI...
CVE-2025-10623
A vulnerability was identified in SourceCodester Hotel Reservation System 1.0. The impacted element is an unknown function of the file deleteuser.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and...
CVE-2025-10623
The CVE-2025-10623 entry concerns SourceCodester Hotel Reservation System 1.0. The vulnerable element is the deleteuser.php file, where manipulation of the ID parameter results in an SQL injection. The vulnerability is exploitable remotely and there are public PoCs. Exploitation is supported by m...
CVE-2025-10623 SourceCodester Hotel Reservation System deleteuser.php sql injection
A vulnerability was identified in SourceCodester Hotel Reservation System 1.0. The impacted element is an unknown function of the file deleteuser.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and...
PT-2025-38284
Name of the Vulnerable Software and Affected Versions: SourceCodester Hotel Reservation System version 1.0 Description: A SQL injection issue exists in the deleteuser.php file due to manipulation of the ID argument. This can be exploited remotely. The exploit is publicly available. Recommendation...
CVE-2025-48370 auth-js Vulnerable to Insecure Path Routing from Malformed User Input
auth-js is an isomorphic JavaScript library for Supabase Auth. Prior to version 2.69.1, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user-supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the...
CVE-2025-40664
Missing authentication vulnerability in TCMAN GIM v11. This allows an unauthenticated attacker to access the resources /frmGestionUser.aspx/GetData, /frmGestionUser.aspx/updateUser and /frmGestionUser.aspx/DeleteUser...
CVE-2023-37596
Cross-Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function...
CVE-2023-2547
The Feather Login Page plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteUser' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with subscriber-level permissions...
CVE-2020-23045
Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a SQL injection vulnerability via the 'roleId' parameter of the editRole and deletUser modules...
CVE-2025-4177
The Flynax Bridge plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteUser function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to delete arbitrary users...
CVE-2025-0171
A vulnerability, which was classified as critical, was found in code-projects Chat System 1.0. Affected is an unknown function of the file /admin/deleteuser.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclose...
CVE-2023-6312
A vulnerability was found in SourceCodester Loan Management System 1.0. It has been classified as critical. Affected is the function deleteuser of the file deleteUser.php of the component Users Page. The manipulation of the argument userid leads to sql injection. It is possible to launch the atta...