
188 matches found

OSV
added 2026/03/08 7:16 p.m. | 4 views

CVE-2026-3762

A vulnerability has been found in SourceCodester Client Database Management System 1.0/3.1. Impacted is an unknown function of the file /superadmindeletemanager.php of the component Endpoint. The manipulation of the argument managerid leads to improper authorization. It is possible to initiate th...

9.8 CVSS | 5.4 AI score | 0.00496 EPSS
Exploits 1 | References 5
CNNVD
added 2026/03/08 12:0 a.m. | 5 views

SourceCodester Client Database Management System Authorization Issue Vulnerability

SourceCodester Client Database Management System is an open-source client database management system developed by SourceCodester. Version 1.0 of the SourceCodester Client Database Management System has a vulnerability related to authorization issues. This vulnerability stems from incorrect handli...

5.5 CVSS | 6 AI score | 0.00337 EPSS
Exploits 1 | References 6
CNNVD
added 2026/03/08 12:0 a.m. | 4 views

SourceCodester Client Database Management System Authorization Issue Vulnerability

SourceCodester Client Database Management System is an open-source client database management system developed by SourceCodester. Version 1.0 of the SourceCodester Client Database Management System has a vulnerability related to authorization issues. This vulnerability stems from incorrect...

7.5 CVSS | 7.1 AI score | 0.00364 EPSS
Exploits 1 | References 6
Positive Technologies
added 2026/03/08 12:0 a.m. | 8 views

PT-2026-23972

A flaw has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /superadmin user delete.php of the component Endpoint. Executing a manipulation of the argument user id can lead to improper authorization. The attack may be...

5.5 CVSS | 5.5 AI score | 0.00337 EPSS
Exploits 1 | References 6
Snyk
added 2026/03/07 6:45 p.m. | 4 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the PUT /api/users/username API endpoint. An attacker can gain unauthorized elevated privileges by updating a user account to assign the super-admin role without proper validation. Remediation: Upgrade...

6.9 CVSS | 5.8 AI score | 0.0023 EPSS
Exploits 0 | References 2
Cvelist
added 2026/03/07 4:14 p.m. | 29 views

CVE-2026-29195 Netmaker: Privilege Escalation from Admin to Super-Admin via User Update

Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler PUT /api/users/username lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to...

6.9 CVSS | 0.0023 EPSS
Exploits 0 | References 2
RedhatCVE
added 2026/01/09 8:45 a.m. | 4 views

CVE-2025-40736

A vulnerability has been identified in SINEC NMS All versions V4.0. The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the superadmin password and gain full control of the...

9.8 CVSS | 7.6 AI score | 0.00401 EPSS
Exploits 0 | References 1
RedhatCVE
added 2026/01/07 9:31 a.m. | 5 views

CVE-2019-16173

LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. This occurs in application/core/SurveyCommonAction.php,...

5.4 CVSS | 5.9 AI score | 0.03674 EPSS
Exploits 6 | References 1
Snyk
added 2025/12/12 4:44 p.m. | 3 views

Incorrect Permission Assignment for Critical Resource

Overview: xmo/mine-core is a mineadmin core package. Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to login to the superAdmin account by using the default credentials. An attacker can execute arbitrary commands and gain full account...

9.8 CVSS | 7.6 AI score | 0.00468 EPSS
Exploits 0 | References 2
Packet Storm
added 2025/12/10 12:0 a.m. | 132 views

Xorcom CompletePBX 5.2.35 Remote Code Execution

Xorcom CompletePBX suffers from an authenticated command injection vulnerability within the Task Scheduler subsystem. An attacker with valid superadmin credentials can create a scheduled task containing unsanitized parameters that get executed by the backend, resulting in remote command execution...

8.8 CVSS | 7.6 AI score | 0.03759 EPSS
Exploits 3
EUVD
added 2025/11/10 3:31 p.m. | 5 views

EUVD-2025-44058

A Cross-Site Request Forgery (CSRF) vulnerability in the SourceCodester Client Database Management System 1.0 allows an attacker to cause an authenticated administrative user to perform user deletion actions without their consent. The application's user deletion endpoint e.g.,...

7.1 CVSS | 6.5 AI score | 0.00174 EPSS
Exploits 1 | References 3
OSV
added 2025/10/30 5:22 p.m. | 4 views

GHSA-G59R-24G3-H7CM Statamic Vulnerable to Superadmin Account Takeover via Stored Cross-Site Scripting and Lack of Proper X-CSRF-TOKEN Server-Side Validation

Impact: Stored XSS vulnerabilities in Collections and Taxonomies allow authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. This affects: - Control panel users with permission to create or edit Collections and...

8 CVSS | 6.4 AI score | 0.00248 EPSS
Exploits 0 | References 5
Github Security Blog
added 2025/10/30 5:22 p.m. | 9 views

Statamic Vulnerable to Superadmin Account Takeover via Stored Cross-Site Scripting and Lack of Proper X-CSRF-TOKEN Server-Side Validation

Impact: Stored XSS vulnerabilities in Collections and Taxonomies allow authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. This affects: - Control panel users with permission to create or edit Collections and...

8 CVSS | 6.4 AI score | 0.00248 EPSS
Exploits 0 | References 5 | Affected Software 1
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2010-4698

Malware in sbrugna...

10 CVSS | 6.4 AI score | 0.02298 EPSS
Exploits 2 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2014-0680

Malware in sbrugna...

9 CVSS | 6.4 AI score | 0.02645 EPSS
Exploits 0 | References 8
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2008-0585

Malware in sbrugna...

4.3 CVSS | 6.4 AI score | 0.00524 EPSS
Exploits 0 | References 4
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2006-5721

Malware in sbrugna...

7.2 CVSS | 6.4 AI score | 0.0032 EPSS
Exploits 0 | References 5
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2020-2694

Malware in sbrugna...

8.8 CVSS | 8.6 AI score | 0.02655 EPSS
Exploits 2 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-0963

Malicious code in bioql PyPI...

9.9 CVSS | 8.4 AI score | 0.0092 EPSS
Exploits 1 | References 5
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2024-1920

Malicious code in bioql PyPI...

9.8 CVSS | 6.4 AI score | 0.00935 EPSS
Exploits 2 | References 7