12 matches found
CVE-2026-57945
PhotoPrism before 260601-a7d098548 contains a broken access control vulnerability that allows authenticated non-admin users to modify other users' profile information by sending requests to arbitrary user endpoints. Attackers can exploit the missing session-to-user identifier validation in the PU...
CVE-2026-57945 PhotoPrism - Unauthorized User Profile Modification via PUT /api/v1/users/{uid} Endpoint
PhotoPrism before 260601-a7d098548 contains a broken access control vulnerability that allows authenticated non-admin users to modify other users' profile information by sending requests to arbitrary user endpoints. Attackers can exploit the missing session-to-user identifier validation in the PU...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization through the operator.write configuration. An attacker can modify and persist unauthorized profile configurations by sending crafted HTTP requests to affected...
Incorrect Authorization
Overview @openclaw/nostr is an OpenClaw Nostr channel plugin for NIP-04 encrypted DMs Affected versions of this package are vulnerable to Incorrect Authorization through the operator.write configuration. An attacker can modify and persist unauthorized profile configurations by sending crafted HTT...
EUVD-2026-9005
A flaw was found in Keycloak. An administrator with manage-users permission can bypass the "Only administrators can view" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to unauthorized changes to user profiles, even when the syste...
CVE-2025-64349 ELOG user profile missing authorization
ELOG allows an authenticated user to modify another user's profile. An attacker can edit a target user's email address, then request a password reset, and take control of the target account. By default, ELOG is not configured to allow self-registration...
CVE-2024-10528 Ultimate Member <= 2.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Profile Picture Update
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to unauthorized profile picture updates due to a missing capability check on the wpajaxumresizeimage and ajaxresizeimage functions in all versions ...
CVE-2024-51094
An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses the People Management page, exports the data as a CSV file, and opens it, the injected payload will be...
CVE-2022-46365
Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server-layer as a parameter, but not verified whether the user name is the currently logged user and whether the user is legal, This will allow malicious attackers to...
Multiple TP-Link Wireless Extenders Unauthorized Profile Leakage Vulnerability
TP-Link WA850RE and others are all TP-Link's wireless extenders. A number of wireless extenders have unauthorized profile disclosure vulnerabilities, which can be exploited by remote attackers to access specific routes to unauthorized download of the target device's configuration file, which is...
Siemens SINEC NMS 安全漏洞
SINEC NMS is a network management system from Siemens for monitoring and managing industrial networks.A user profile change vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1. The vulnerability can be exploited by an attacker to change the user profile of any user without proper...
PT-2019-11675 · WordPress · Ultimate Member
Name of the Vulnerable Software and Affected Versions: Ultimate Member plugin version 2.39 Description: An issue in the Ultimate Member plugin for WordPress allows unauthorized modification of user profiles and cover pictures. Once connected, an attacker can modify the profile and cover picture o...