Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

134 matches found

EUVD
EUVDadded 2026/05/17 12:11 p.m.7 views

EUVD-2018-21860

Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML forms targeting account endpoints like /joomoc2/?route=account/edit and to modify user information o...

5.3CVSS5.7AI score0.00006EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/17 12:11 p.m.32 views

CVE-2018-25337 Joomla JoomOCShop 1.0 Cross-Site Request Forgery

Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML forms targeting account endpoints like /joomoc2/?route=account/edit and to modify user information o...

5.3CVSS0.00006EPSS
Exploits0References4
EUVD
EUVDadded 2026/05/10 3:31 p.m.3 views

EUVD-2021-34806

OpenCart 3.0.36 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into visiting malicious pages. Attackers can craft CSRF payloads that change victim email addresses and accoun...

6.9CVSS5.7AI score0.00038EPSS
Exploits0References5
Snyk
Snykadded 2026/05/10 2:19 p.m.3 views

Cross-site Request Forgery (CSRF)

Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the /account/edit endpoint. An attacker can alter account details, such as email addresses, by tricking users into visiting malicious pages, and subsequentl...

8.3CVSS5.8AI score0.00038EPSS
Exploits0References2
NVD
NVDadded 2026/05/10 1:16 p.m.6 views

CVE-2021-47946

OpenCart 3.0.3.6 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into visiting malicious pages. Attackers can craft CSRF payloads that change victim email addresses and accou...

6.9CVSS0.00038EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/10 12:44 p.m.26 views

CVE-2021-47946 OpenCart 3.0.3.6 Account Takeover via Cross Site Request Forgery

OpenCart 3.0.3.6 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into visiting malicious pages. Attackers can craft CSRF payloads that change victim email addresses and accou...

6.9CVSS0.00038EPSS
Exploits0References4
CNNVD
CNNVDadded 2026/05/10 12:0 a.m.3 views

OpenCart 跨站请求伪造漏洞

OpenCart is an open-source e-commerce system developed by the OpenCart team in China. This system provides modules for product reviews, product ratings, and product addition. Version 3.0.36 of OpenCart has a cross-site request forgeing vulnerability. This vulnerability stems from the /account/edi...

6.9CVSS5.7AI score0.00038EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/05/10 12:0 a.m.5 views

PT-2026-39520

OpenCart 3.0.36 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into visiting malicious pages. Attackers can craft CSRF payloads that change victim email addresses and accoun...

6.9CVSS5.7AI score0.00038EPSS
Exploits0References5
Snyk
Snykadded 2026/04/16 1:35 a.m.1 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the GymConfigUpdateView. An attacker can gain unauthorized control over installation-wide configuration and modify other users' records by submitting changes to the /config/gym-config/edit endpoint as a...

7.6CVSS5.8AI score0.00015EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2026/04/12 12:28 p.m.0 views

CVE-2018-25257 Adianti Framework 5.5.0 and 5.6.0 SQL Injection via Profile

Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user...

7.1CVSS5.9AI score0.00033EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/04/12 12:0 a.m.1 views

PT-2026-32177

Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user...

7.1CVSS5.9AI score0.00033EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/03/31 9:18 p.m.0 views

CVE-2026-34406 APTRS: Privilege Escalation via Mass Assignment of is_superuser in User Edit Endpoint

APTRS Automated Penetration Testing Reporting System is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. Prior to version 2.0.1, the edituser endpoint POST /api/auth/edituser/ allows Any user who can reach that endpoint and submit...

9.4CVSS5.8AI score0.00409EPSS
Exploits1References3
OSV
OSVadded 2026/03/31 9:18 p.m.0 views

CVE-2026-34406 APTRS: Privilege Escalation via Mass Assignment of is_superuser in User Edit Endpoint

APTRS Automated Penetration Testing Reporting System is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. Prior to version 2.0.1, the edituser endpoint POST /api/auth/edituser/ allows Any user who can reach that endpoint and submit...

9.4CVSS5.8AI score0.00409EPSS
Exploits1References5
EUVD
EUVDadded 2026/03/16 3:30 p.m.3 views

EUVD-2016-10825

Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoin...

6.9CVSS5.7AI score0.00059EPSS
Exploits2References4
NVD
NVDadded 2026/03/16 2:17 p.m.0 views

CVE-2016-20035

Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoin...

6.9CVSS0.00059EPSS
Exploits2References3
NVD
NVDadded 2026/03/16 2:17 p.m.0 views

CVE-2016-20034

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser...

8.8CVSS0.0004EPSS
Exploits2References3
Positive Technologies
Positive Technologiesadded 2026/03/16 12:0 a.m.3 views

PT-2026-25732

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser...

8.8CVSS5.8AI score0.0004EPSS
Exploits2References4
CVE
CVEadded 2026/03/15 6:34 p.m.3 views

CVE-2016-20035

Wowza Streaming Engine 4.5.0 is affected by a CSRF vulnerability via the user edit endpoint that lets an attacker craft pages to cause admin actions (e.g., creating admin accounts with arbitrary credentials). The issue arises from insufficient request validation, enabling an authenticated session...

6.9CVSS5.7AI score0.00059EPSS
Exploits2References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/15 6:34 p.m.2 views

CVE-2016-20034 Wowza Streaming Engine 4.5.0 Privilege Escalation via user edit

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser...

8.8CVSS5.8AI score0.0004EPSS
Exploits2References3
Cvelist
Cvelistadded 2026/03/15 6:34 p.m.17 views

CVE-2016-20035 Wowza Streaming Engine 4.5.0 CSRF via user edit endpoint

Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoin...

6.9CVSS0.00059EPSS
Exploits2References3
Rows per page
Query Builder