CVE-2026-11519
The CVE concerns SourceCodester Inventory System 1.0, affecting /Product_Inventory/api/users_handler.php in the Account Creation Handler. The ROLE parameter manipulation causes improper authorization, enabling remote exploitation. Public exploit exists. Technical details specify network attack ve...
WordPress Plugin WP Activity Log Premium Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2023-38760
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component...
CVE-2021-41325
CVE-2021-41325 affects Pydio Cells 2.2.9. It has broken access control allowing remote anonymous users to create standard accounts via the profile parameter, and can grant admin permissions via the Roles parameter. This enables unauthorized account creation and potential privilege elevation. Reme...
openstack-keystone: OAuth1 request token authorize silently ignores roles parameter
A flaw was found in Keystone, where it inadvertently provided OAuth1 access tokens to every role assignment the creator had for a project, resulting in giving more permissions and escalated access in role assignments than intended. The greatest impact is on confidentiality...