Lucene search
+L

5 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-44950

Axelor Open Platform versions 8.x prior to 8.2.2 contains an authorization bypass vulnerability that allows authenticated non-admin users to escalate privileges by exploiting unenforced field restrictions on nested relational save operations. Attackers can modify sensitive User record fields such...

8.8CVSS6.1AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/11 9:25 p.m.4 views

CVE-2026-27591 Winter: Privilege escalation by authenticated backend users

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modifying the roles / permissions assigned to their...

9.9CVSS5.8AI score0.00486EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-5864

Malicious code in bioql PyPI...

4.9CVSS5.5AI score0.00917EPSS
Exploits1References4
OSV
OSV
added 2021/09/27 4:15 p.m.10 views

CVE-2021-36877

Cross-Site Request Forgery CSRF vulnerability in WordPress uListing plugin versions = 2.0.5 makes it possible for attackers to modify user roles...

6.5CVSS5.8AI score0.00428EPSS
Exploits1References2
WPVulnDB
WPVulnDB
added 2021/07/27 12:0 a.m.22 views

uListing < 2.0.6 - Modify User Roles via CSRF

An Add/Edit User Roles via CSRF vulnerability was discovered in the plugin. Missing WPNonce security tokens https://codex.wordpress.org/WordPressNonces . PoC PoC | CSRF | Add/Edit User Roles: POST /wp-admin/admin-ajax.php HTTP/2 Host: example.com Cookie: cookies User-Agent: Mozilla/5.0...

4.3CVSS0.5AI score0.00428EPSS
Exploits1Affected Software1
Rows per page
Query Builder