Lucene search
+L

12 matches found

nvd
nvd
added 2026/06/29 6:16 p.m.10 views

CVE-2026-57945

PhotoPrism before 260601-a7d098548 contains a broken access control vulnerability that allows authenticated non-admin users to modify other users' profile information by sending requests to arbitrary user endpoints. Attackers can exploit the missing session-to-user identifier validation in the PU...

5.3CVSS0.0019EPSS
Exploits0References3
osv
osv
added 2026/06/29 5:18 p.m.5 views

CVE-2026-57945 PhotoPrism - Unauthorized User Profile Modification via PUT /api/v1/users/{uid} Endpoint

PhotoPrism before 260601-a7d098548 contains a broken access control vulnerability that allows authenticated non-admin users to modify other users' profile information by sending requests to arbitrary user endpoints. Attackers can exploit the missing session-to-user identifier validation in the PU...

5.3CVSS6AI score0.0019EPSS
Exploits0References6
snyk
snyk
added 2026/04/17 10:0 p.m.4 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization through the operator.write configuration. An attacker can modify and persist unauthorized profile configurations by sending crafted HTTP requests to affected...

6.5CVSS5.8AI score0.00218EPSS
Exploits0References3
snyk
snyk
added 2026/04/17 10:0 p.m.11 views

Incorrect Authorization

Overview @openclaw/nostr is an OpenClaw Nostr channel plugin for NIP-04 encrypted DMs Affected versions of this package are vulnerable to Incorrect Authorization through the operator.write configuration. An attacker can modify and persist unauthorized profile configurations by sending crafted HTT...

6.5CVSS5.8AI score0.00218EPSS
Exploits0References3
euvd
euvd
added 2026/02/27 9:30 a.m.11 views

EUVD-2026-9005

A flaw was found in Keycloak. An administrator with manage-users permission can bypass the "Only administrators can view" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to unauthorized changes to user profiles, even when the syste...

4.9CVSS5.8AI score0.00307EPSS
Exploits0References5
osv
osv
added 2025/10/31 6:31 p.m.4 views

CVE-2025-64349 ELOG user profile missing authorization

ELOG allows an authenticated user to modify another user's profile. An attacker can edit a target user's email address, then request a password reset, and take control of the target account. By default, ELOG is not configured to allow self-registration...

8.7CVSS6AI score0.00342EPSS
Exploits0References6
osv
osv
added 2024/11/21 5:33 a.m.7 views

CVE-2024-10528 Ultimate Member <= 2.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Profile Picture Update

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to unauthorized profile picture updates due to a missing capability check on the wpajaxumresizeimage and ajaxresizeimage functions in all versions ...

4.3CVSS7.2AI score0.00564EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2024/11/12 12:0 a.m.13 views

CVE-2024-51094

An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses the People Management page, exports the data as a CSV file, and opens it, the injected payload will be...

6.8AI score0.00429EPSS
Exploits0References1
nvd
nvd
added 2023/05/01 3:15 p.m.33 views

CVE-2022-46365

Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server-layer as a parameter, but not verified whether the user name is the currently logged user and whether the user is legal, This will allow malicious attackers to...

9.1CVSS9.1AI score0.01475EPSS
Exploits0References1
cnvd
cnvd
added 2022/06/28 12:0 a.m.23 views

Multiple TP-Link Wireless Extenders Unauthorized Profile Leakage Vulnerability

TP-Link WA850RE and others are all TP-Link's wireless extenders. A number of wireless extenders have unauthorized profile disclosure vulnerabilities, which can be exploited by remote attackers to access specific routes to unauthorized download of the target device's configuration file, which is...

3AI score
Exploits0
cnnvd
cnnvd
added 2021/10/12 12:0 a.m.5 views

Siemens SINEC NMS 安全漏洞

SINEC NMS is a network management system from Siemens for monitoring and managing industrial networks.A user profile change vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1. The vulnerability can be exploited by an attacker to change the user profile of any user without proper...

6.5CVSS5.7AI score0.006EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2019/06/24 12:0 a.m.6 views

PT-2019-11675 · WordPress · Ultimate Member

Name of the Vulnerable Software and Affected Versions: Ultimate Member plugin version 2.39 Description: An issue in the Ultimate Member plugin for WordPress allows unauthorized modification of user profiles and cover pictures. Once connected, an attacker can modify the profile and cover picture o...

4.3CVSS4.5AI score0.00861EPSS
Exploits0References4
Rows per page
Query Builder