CVE-2026-3693

A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function getuserinfo/updateuserinfo of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument userid causes improper control of resource identifiers. It i...

CVE-2026-3693 Shy2593666979 AgentChat User Endpoint user.py update_user_info resource injection

A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function getuserinfo/updateuserinfo of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument userid causes improper control of resource identifiers. It i...

CVE-2026-3693 Shy2593666979 AgentChat User Endpoint user.py update_user_info resource injection

A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function getuserinfo/updateuserinfo of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument userid causes improper control of resource identifiers. It i...

CVE-2026-3693

Shy2593666979 AgentChat (up to 2.3.0) contains a vulnerability in the User Endpoint: get_user_info/update_user_info in /src/backend/agentchat/api/v1/user.py, where manipulating the argument user_id causes improper control of resource identifiers. The issue can be exploited remotely and an exploit...

AgentChat 安全漏洞

AgentChat is a multi-agent collaborative dialogue system based on large language models, developed by Shy2593663669. Versions of AgentChat 2.3.0 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect handling of the parameter userid in the functions getuserinfo an...

CVE-2026-2947

A vulnerability was detected in rymcu forest up to 0.0.5. This affects the function updateUserInfo of the file - src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component User Profile Handler. The manipulation results in cross site scripting. The attack can be executed...

CVE-2026-2947

CVE-2026-2947 affects rymcu forest up to version 0.0.5, specifically the updateUserInfo function in src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the User Profile Handler. The issue enables cross-site scripting due to the underlying manipulation, allowing remote execution...

CVE-2025-2089

A vulnerability has been found in StarSea99 starsea-mall 1.0/2.X and classified as critical. Affected by this vulnerability is the function updateUserInfo of the file /personal/updateInfo of the component com.siro.mall.controller.mall.UserController. The manipulation of the argument userId leads ...

CVE-2025-21092

GMOD Apollo does not have sufficient logical or access checks when updating a user's information. This could result in an attacker being able to escalate privileges for themselves or others...

PT-2024-39051 · WordPress · Rest Api To Miniprogram

Name of the Vulnerable Software and Affected Versions: REST API TO MiniProgram plugin for WordPress versions up to, and including, 4.7.1 Description: The issue allows for privilege escalation via account takeover due to missing validation on the openid user-controlled key in the updateUserInfo...

CVE-2020-35243

Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserInfoInDb...

WESEEK GROWI Cross-Site Request Forgery Vulnerability

WESEEK GROWI is a suite of team collaboration software from WESEEK Japan. A cross-site request forgery vulnerability exists in the process of updating a user's basic information in WESEEK GROWI 3.4.6 and prior versions. The vulnerability stems from the WEB application not adequately verifying tha...