187 matches found
PT-2026-27215
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an IDOR vulnerability where user.detail Endpoint Leaks the Superadmin Token. This issue has been patched in version 1.8.4...
CVE-2026-31836
Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. In versions from 3.5.1 and prior, a mass assignment vulnerability in Checkmate's user profile update endpoint allows any...
CVE-2026-31836
CVE-2026-31836 affects Checkmate (open-source self-hosted tool). Versions up to and including 3.5.1 contain a mass assignment vulnerability in the user profile update endpoint, allowing any authenticated user to escalate to superadmin and bypass RBAC. This grants complete administrative access (v...
CVE-2026-31836 Mass Assignment Privilege Escalation in Checkmate
Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. In versions from 3.5.1 and prior, a mass assignment vulnerability in Checkmate's user profile update endpoint allows any...
CVE-2026-31836 Mass Assignment Privilege Escalation in Checkmate
Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. In versions from 3.5.1 and prior, a mass assignment vulnerability in Checkmate's user profile update endpoint allows any...
CVE-2026-31836 Mass Assignment Privilege Escalation in Checkmate
Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. In versions from 3.5.1 and prior, a mass assignment vulnerability in Checkmate's user profile update endpoint allows any...
EUVD-2016-10811
ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious websites. Attackers can craft HTTP requests that add superadmin accounts without validity checks, enabling...
CVE-2016-20028
ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious websites. Attackers can craft HTTP requests that add superadmin accounts without validity checks, enabling...
CVE-2016-20028 ZKTeco ZKBioSecurity 3.0 Cross-Site Request Forgery Superadmin
ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious websites. Attackers can craft HTTP requests that add superadmin accounts without validity checks, enabling...
CVE-2016-20028
ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious websites. Attackers can craft HTTP requests that add superadmin accounts without validity checks, enabling...
CVE-2016-20028 ZKTeco ZKBioSecurity 3.0 Cross-Site Request Forgery Superadmin
ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious websites. Attackers can craft HTTP requests that add superadmin accounts without validity checks, enabling...
CVE-2016-20028
CVE-2016-20028 affects ZKTeco ZKBioSecurity 3.0. The issue is a Cross-Site Request Forgery (CSRF) that lets an attacker cause administrative actions by coaxing an authenticated user to visit a malicious page. Attacks can craft HTTP requests that add superadmin accounts without validity checks, po...
PT-2026-25726
Name of the Vulnerable Software and Affected Versions ZKTeco ZKBioSecurity version 3.0 Description The software contains a cross-site request forgery issue that allows attackers to perform administrative actions by deceiving authenticated users into visiting malicious websites. Specifically,...
EUVD-2026-10531
An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox Cloud 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests...
CVE-2026-3761
A flaw has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /superadminuserdelete.php of the component Endpoint. Executing a manipulation of the argument userid can lead to improper authorization. The attack may be performe...
CVE-2026-3764
A vulnerability was determined in SourceCodester Client Database Management System 1.0. The impacted element is an unknown function of the file /superadminuserupdate.php. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed...
EUVD-2026-10265
A vulnerability has been found in SourceCodester Client Database Management System 1.0/3.1. Impacted is an unknown function of the file /superadmindeletemanager.php of the component Endpoint. The manipulation of the argument managerid leads to improper authorization. It is possible to initiate th...
CVE-2026-3764
A vulnerability was determined in SourceCodester Client Database Management System 1.0. The impacted element is an unknown function of the file /superadminuserupdate.php. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed...
CVE-2026-3764
A vulnerability was determined in SourceCodester Client Database Management System 1.0. The impacted element is an unknown function of the file /superadminuserupdate.php. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed...
CVE-2026-3762
A vulnerability has been found in SourceCodester Client Database Management System 1.0/3.1. Impacted is an unknown function of the file /superadmindeletemanager.php of the component Endpoint. The manipulation of the argument managerid leads to improper authorization. It is possible to initiate th...