Lucene search
13 matches found

Vulnrichment
added 2026/04/19 11:15 p.m. · 3 views

CVE-2026-6584 TransformerOptimus SuperAGI User Update Endpoint user.py update_user authorization

A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function update_user of the file superagi/controllers/user.py of the component User Update Endpoint. The manipulation of the argument user_id results in authorization bypass. The attack may be...

CVSS 5.5 · AI score 5.2 · EPSS 0.003
Exploits: 0 · References: 4
CVE
added 2026/04/19 11:15 p.m. · 6 views

CVE-2026-6584

The CVE concerns TransformerOptimus SuperAGI (up to 0.0.14). The vulnerability is in the update_user function in superagi/controllers/user.py, where manipulating the user_id parameter leads to an authorization bypass. Impact is reported as a remote attack with a publicly available exploit. Supporte...

CVSS 5.5 · AI score 5.5 · EPSS 0.003
Exploits: 0 · References: 4
Github Security Blog
added 2026/04/01 9:3 p.m. · 7 views

NetBird has Race Condition on UpdateUser Function, Resulting in Privilege Escalation From Admin to Owner

Summary: A race condition vulnerability allows authenticated admin-privileged users to escalate to owner privilege. Details: The vulnerability exists in the updateUser function, which is connected to the /users/userId PUT request. This function then calls the SaveOrAddUsers function, which checks t...

AI score 5.9
Exploits: 0 · References: 2 · Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-38917

Malicious code in bioql PyPI...

CVSS 8.1 · AI score 6.6 · EPSS 0.00859
Exploits: 0 · References: 2
OSV
added 2025/01/29 12:15 p.m. · 1 views

CVE-2024-41140

Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to incorrect authorization in the update user function...

CVSS 6.5 · AI score 5.8 · EPSS 0.00859
Exploits: 0 · References: 1
NVD
added 2025/01/29 12:15 p.m. · 17 views

CVE-2024-41140

Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to incorrect authorization in the update user function...

CVSS 8.1 · EPSS 0.00859
Exploits: 0 · References: 1
Positive Technologies
added 2025/01/29 12:0 a.m. · 2 views

PT-2025-2604 · Zohocorp · Zoho Manageengine Applications Manager

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine Applications Manager versions 174000 and prior Description: The issue is related to incorrect authorization in the update user function. This allows for potential unauthorized access or modifications. The estimated numbe...

CVSS 8.1 · AI score 7 · EPSS 0.00859
Exploits: 0 · References: 6
CNNVD
added 2025/01/09 12:0 a.m. · 4 views

bookstore code injection vulnerability

bookstore is an e-commerce bookstore system by donglight individual developer. A code injection vulnerability exists in bookstore version 1.0.0, which originates from the updateUser function in the file src/main/Java/org/zdd/bookstore/web/controller/admin/AdminUserControlle.java, which can lead t...

CVSS 5.4 · AI score 4.7 · EPSS 0.00393
Exploits: 1 · References: 5
Positive Technologies
added 2025/01/09 12:0 a.m. · 4 views

PT-2025-2055 · Unknown · Donglight Bookstore电商书城系统说明

Name of the Vulnerable Software and Affected Versions: donglight bookstore电商书城系统说明 version 1.0.0 Description: A vulnerability was found in the updateUser function of the file src/main/Java/org/zdd/bookstore/web/controller/admin/AdminUserControlle.java. The manipulation leads to cross site...

CVSS 5.3 · AI score 4.1 · EPSS 0.00393
Exploits: 1 · References: 10
OSV
added 2023/10/18 1:15 p.m. · 4 views

CVE-2023-46004

Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the updateuser function...

CVSS 7.2 · AI score 5.8 · EPSS 0.00681
Exploits: 1 · References: 1
ATTACKERKB
added 2023/10/18 1:15 p.m. · 0 views

CVE-2023-46004

Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the updateuser function...

CVSS 7.2 · AI score 5.8 · EPSS 0.00681
Exploits: 1 · References: 2
Prion
added 2023/10/18 1:15 p.m. · 22 views

Design/Logic Flaw

Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the updateuser function...

CVSS 5.8 · AI score 6.9 · EPSS 0.00681
Exploits: 1 · References: 1 · Affected Software: 1
Vulnrichment
added 2023/10/18 12:0 a.m. · 8 views

CVE-2023-46004

Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the updateuser function...

AI score 7.1 · EPSS 0.00681
Exploits: 1 · References: 1