2 matches found
EUVD-2026-40155
Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api/v1/accounts/pk/password/ endpoint that allows domain administrators to change any user's password. Attackers with domain admin privileges can bypass object-level access controls to reset superadmin...
[waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8 Partagium Final SP2
================================================================================ waraxe-2004-SA004 ================================================================================ Multiple vulnerabilities in XMB 1.8 Partagium Final SP2...