
9 matches found

Positive Technologies
added 2026/06/23 12:0 a.m. · 9 views

PT-2026-51619

Name of the Vulnerable Software and Affected Versions: Snipe-IT versions prior to 8.6.0 Description: Improper access control in the CSV user import functionality allows a user with only the import permission to bypass user-edit authorization. By uploading a CSV file in update mode, an attacker can...

CVSS 6.5 · AI score 5.9 · EPSS 0.00037
Exploits 0 · References 4
EUVD
added 2026/04/14 6:30 p.m. · 7 views

EUVD-2026-22305

An improper authorization vulnerability in the /api/v1/users/id endpoint of Snipe-IT v8.4.0 allows authenticated attackers with the users.edit permission to modify sensitive authentication and account-state fields of other non-admin users via supplying a crafted PUT request...

AI score 5.8 · EPSS 0.00311
Exploits 2 · References 3
Vulnrichment
added 2026/04/14 12:0 a.m. · 6 views

CVE-2026-38533

An improper authorization vulnerability in the /api/v1/users/id endpoint of Snipe-IT v8.4.0 allows authenticated attackers with the users.edit permission to modify sensitive authentication and account-state fields of other non-admin users via supplying a crafted PUT request...

AI score 5.8 · EPSS 0.00311
Exploits 2 · References 2
Vulnrichment
added 2026/03/24 4:27 a.m. · 3 views

CVE-2026-4283 WP DSGVO Tools (GDPR) <= 3.1.38 - Missing Authorization to Unauthenticated Account Destruction of Non-Admin Users

The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to the super-unsubscribe AJAX action accepting a processnow parameter from unauthenticated users, which bypasses the intended email-confirmation...

CVSS 9.1 · AI score 5.8 · EPSS 0.00431
Exploits 0 · References 7
CVE
added 2026/03/24 4:27 a.m. · 23 views

CVE-2026-4283

The WP DSGVO Tools (GDPR) WordPress plugin (versions up to 3.1.38) is affected by an unauthorized account destruction flaw via the super-unsubscribe AJAX action. Unauthenticated users can submit a victim email with process_now=1, bypassing the email-confirmation flow and triggering irreversible a...

CVSS 9.1 · AI score 5.8 · EPSS 0.00431
Exploits 0 · References 7
RedhatCVE
added 2026/01/07 9:32 a.m. · 7 views

CVE-2019-16097

core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is set up with DB as the authentication backend and allows users to self-register. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix:...

CVSS 6.5 · AI score 6.9 · EPSS 0.23284
Exploits 5 · References 1
Cvelist
added 2024/01/31 10:33 p.m. · 23 views

CVE-2024-24573 facileManager Privilege Escalation via Mass Assignment

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can...

CVSS 8.8 · AI score 8.8 · EPSS 0.00817
Exploits 1 · References 2
Positive Technologies
added 2023/11/28 12:0 a.m. · 5 views

PT-2023-22123 · Unknown · Facschorus

Name of the Vulnerable Software and Affected Versions: FACSChorus affected versions not specified Description: The issue concerns improper assignment of data access privileges for operating system user accounts in the FACSChorus software. This allows a non-administrative OS account to modify...

CVSS 3.5 · AI score 3.7 · EPSS 0.00271
Exploits 0 · References 4
Tenable Nessus
added 2009/02/12 12:0 a.m. · 21 views

Trend Micro InterScan Web Security Suite < 3.1 Build 1237 Multiple Flaws

Trend Micro InterScan Web Security Suite is installed on the remote host. The installed version fails to restrict non-admin accounts 'Auditor' and 'Report Only' from modifying system configurations even though these accounts do not have sufficient permissions. © Tenable Network Security, Inc...

CVSS 6 · AI score 5.6 · EPSS 0.01504
Exploits 0 · References 2