CVE-2026-5652
An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation...
Crafty Controller security vulnerability
Crafty Controller is a Minecraft server control panel and launcher from Arcadia. A security vulnerability exists in Crafty Controller, stemming from improper permission verification in the Users API component. This vulnerability could allow remote, authenticated attackers to perform user-modifi...
CVE-2021-27700
SOCIFI Socifi Guest wifi as SAAS wifi portal is affected by Insecure Permissions. Any authorized customer with partner mode can switch to another customer dashboard and perform actions like modify user, delete user, etc...
CVE-2025-11862 Verve Asset Manager Access Control Vulnerability
A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API...
PT-2024-10906 · Socifi · Socifi Guest Wifi
Name of the Vulnerable Software and Affected Versions: SOCIFI Socifi Guest wifi as SAAS wifi portal affected versions not specified Description: The issue concerns insecure permissions, allowing any authorized customer with partner mode to switch to another customer dashboard. This enables them t...
SOCIFI Guest wifi security vulnerability
SOCIFI Guest wifi is a web portal of SOCIFI UK. A security vulnerability exists in SOCIFI Guest wifi. An attacker exploiting this vulnerability could switch to another guest's dashboard and perform actions such as modifying users, deleting users, etc...
CVE-2024-39870
A vulnerability has been identified in SINEMA Remote Connect Server (all versions V3.2 SP1). The affected application can be configured to allow users to manage their own users. A local, authenticated user with this privilege could use it to modify users outside of their own scope, as well as to escalate...
PT-2023-15400 · Ekorccp +1 · Ekorccp +1
Name of the Vulnerable Software and Affected Versions: ekorCCP affected versions not specified ekorRCI affected versions not specified Description: The issue arises due to access to the FTP service using default credentials. This can allow an attacker to modify critical files, potentially leading...
CVE-2023-2628
The KiviCare WordPress plugin before 3.2.1 has CSRF checks that are either flawed or missing completely in various AJAX actions, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete arbitrary...
SQL injection
In Carlo Gavazzi UWP3.0 (multiple versions) and CPY Car Park Server (version 2.8.3), an unauthenticated remote attacker could exploit a SQL injection vulnerability to gain full database access, modify users and stop services...
CVE-2020-35276
EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An attacker can bypass the Admin Login panel through SQLi and get Admin access and add or remove any user...
Adobe Magento Improper Authorization Vulnerability
Adobe Magento is an open source PHP e-commerce system from the U.S. company Adobe. The system provides rights management, a search engine, a payment gateway and other functions. Magento Open Source is the open source version of Magento; Magento Commerce is the commercial version of Magento....
Cross-site request forgery (CSRF)
Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to add, modify and delete users and groups via a cross-site request forgery (CSRF) vulnerability. Please be aware that the Demo application is not enabled by default...
CVE-2018-0270
A vulnerability in the web-based management interface of Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and alter the data of existing users and groups on an affected device. The vulnerability is due to...