CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10 matches found

Positive Technologies•added 2026/04/20 12:0 a.m.•0 views

PT-2026-33772

Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attackers can inject role id=1 into profile save requests to escalate to Super Administrator privileges,...

8.8CVSS6.2AI score0.00382EPSS

Exploits0References3

ATTACKERKB•added 2026/01/15 12:0 a.m.•2 views

CVE-2025-67081

An SQL injection vulnerability in Itflow through 25.06 has been identified in the "roleid" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from the database. The vulnerability arises fro...

4.9CVSS5.9AI score0.00043EPSS

Exploits0References3

CNVD•added 2026/01/09 12:0 a.m.•1 views

JeecgBoot loadDatarule function authorization issue vulnerability

JeecgBoot is a low-code development platform that fuses code generation and AI applications to help organizations rapidly achieve low-code development and build AI applications. JeecgBoot suffers from an authorization issue vulnerability that originates from improper authorization of the function...

3.1CVSS5.9AI score0.00021EPSS

Exploits1References1

RedhatCVE•added 2025/12/01 2:16 p.m.•1 views

CVE-2025-66385

UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges e.g., obtain a higher role such as admin via the user-edit endpoint by supplying or modifying roleid or organisationid fields in the edit request...

9.4CVSS7AI score0.00052EPSS

Exploits0References1

OSV•added 2025/11/28 7:15 a.m.•1 views

CVE-2025-66385

9.4CVSS6.9AI score

Exploits0References3

OSV•added 2025/10/22 4:46 p.m.•4 views

GHSA-2V5M-CQ9W-FC33 Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality

Summary An authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role such as an administrator can exploit this vulnerability to execute arbitrary SQL commands. This can lea...

7.2CVSS8.1AI score0.00045EPSS

Exploits1References4

Positive Technologies•added 2025/10/22 12:0 a.m.•5 views

PT-2025-43410

Name of the Vulnerable Software and Affected Versions Admidio versions prior to 4.3.17 Description Admidio, a user management solution, contains a SQL injection issue in the member assignment data retrieval functionality. An authenticated user with role assignment permissions can execute arbitrar...

7.2CVSS8AI score0.00045EPSS

Exploits1References13

Snyk•added 2025/09/13 7:41 p.m.•5 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization via the cancelAll process in the Role Handler component when manipulating the roleId or userIds arguments in /system/role/authUser/cancelAll. An attacker can gain unauthorized access or perform unauthorized action...

5.5CVSS7AI score0.00062EPSS

Exploits0References2

CNNVD•added 2022/04/21 12:0 a.m.•1 views

Sourcecodester Baby Care System SQL注入漏洞

Sourcecodester Baby Care System is an application of the Sourcecodester community in the United States. Sourcecodester Baby Care System v1.0 contains a SQL injection vulnerability that originates in /admin/siteoptions.php & action=displaygoal & value=1 & roleid= where the roleid parameter is...

9.8CVSS6.2AI score0.00264EPSS

Exploits1References2