
13 matches found

CVE
added 2026/04/19 11:15 p.m. · 3 views

CVE-2026-6584

The CVE concerns TransformerOptimus SuperAGI (up to 0.0.14). The vulnerability is in the update_user function in superagi/controllers/user.py, where manipulating the user_id parameter leads to an authorization bypass. Impact is reported as a remote attack with publicly available exploit. Supporte...

CVSS 5.5 · AI score 5.5 · EPSS 0.00014
Exploits 0 · References 4

Vulnrichment
added 2026/04/19 11:15 p.m. · 2 views

CVE-2026-6584 TransformerOptimus SuperAGI User Update Endpoint user.py update_user authorization

A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function update_user of the file superagi/controllers/user.py of the component User Update Endpoint. The manipulation of the argument user_id results in authorization bypass. The attack may be...

CVSS 5.5 · AI score 5.2 · EPSS 0.00014
Exploits 0 · References 4

Github Security Blog
added 2026/04/01 9:3 p.m. · 1 views

NetBird has Race Condition on UpdateUser Function, Resulting in Privilege Escalation From Admin to Owner

Summary: A race condition vulnerability allows authenticated admin-privileged users to escalate to owner privilege. Details: The vulnerability exists in the updateUser function, which is connected to the /users/userId PUT request. This function then calls the SaveOrAddUsers function, which checks t...

AI score 5.9
Exploits 0 · References 2 · Affected Software 1

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-38917

Malicious code in bioql PyPI...

CVSS 8.1 · AI score 6.6 · EPSS 0.00146
Exploits 0 · References 2

NVD
added 2025/01/29 12:15 p.m. · 15 views

CVE-2024-41140

Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function...

CVSS 8.1 · EPSS 0.00146
Exploits 0 · References 1

OSV
added 2025/01/29 12:15 p.m. · 0 views

CVE-2024-41140

Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function...

CVSS 6.5 · AI score 5.8 · EPSS 0.00146
Exploits 0 · References 1

Positive Technologies
added 2025/01/29 12:0 a.m. · 2 views

PT-2025-2604 · Zohocorp · Zoho Manageengine Applications Manager

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine Applications Manager versions 174000 and prior Description: The issue is related to incorrect authorization in the update user function. This allows for potential unauthorized access or modifications. The estimated numbe...

CVSS 8.1 · AI score 7 · EPSS 0.00146
Exploits 0 · References 6

Positive Technologies
added 2025/01/09 12:0 a.m. · 1 views

PT-2025-2055 · Unknown · Donglight Bookstore电商书城系统说明

Name of the Vulnerable Software and Affected Versions: donglight bookstore电商书城系统说明 version 1.0.0 Description: A vulnerability was found in the updateUser function of the file src/main/Java/org/zdd/bookstore/web/controller/admin/AdminUserControlle.java. The manipulation leads to cross site...

CVSS 5.3 · AI score 4.1 · EPSS 0.00162
Exploits 1 · References 10

CNNVD
added 2025/01/09 12:0 a.m. · 0 views

bookstore code injection vulnerability

bookstore is an e-commerce bookstore system by donglight individual developer. A code injection vulnerability exists in bookstore version 1.0.0, which originates from the updateUser function in the file src/main/Java/org/zdd/bookstore/web/controller/admin/AdminUserControlle.java, which can lead t...

CVSS 5.4 · AI score 4.7 · EPSS 0.00162
Exploits 1 · References 5

OSV
added 2023/10/18 1:15 p.m. · 0 views

CVE-2023-46004

Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the updateuser function...

CVSS 7.2 · AI score 5.8 · EPSS 0.00102
Exploits 1 · References 1

ATTACKERKB
added 2023/10/18 1:15 p.m. · 0 views

CVE-2023-46004

Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the updateuser function...

CVSS 7.2 · AI score 5.8 · EPSS 0.00102
Exploits 1 · References 2

Prion
added 2023/10/18 1:15 p.m. · 15 views

Design/Logic Flaw

Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the updateuser function...

CVSS 5.8 · AI score 6.9 · EPSS 0.00102
Exploits 1 · References 1 · Affected Software 1

Vulnrichment
added 2023/10/18 12:0 a.m. · 8 views

CVE-2023-46004

Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the updateuser function...

AI score 7.1 · EPSS 0.00102
Exploits 1 · References 1