CVE-2026-9851 Booking Package <= 1.7.16 - Authenticated (Editor+) Privilege Escalation via Account Takeover to updateUser AJAX Action

The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to, and including, 1.7.16. This is due to a missing capability check on the 'updateUser' branch of the packageappaction AJAX endpoint, where the handler only validates a nonce and th...

CVE-2026-9851 Booking Package <= 1.7.16 - Authenticated (Editor+) Privilege Escalation via Account Takeover to updateUser AJAX Action

The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to, and including, 1.7.16. This is due to a missing capability check on the 'updateUser' branch of the packageappaction AJAX endpoint, where the handler only validates a nonce and th...

CVE-2026-9851

The CVE-2026-9851 entry concerns the Booking Package plugin for WordPress (versions up to 1.7.16). The vulnerability arises from a missing capability check in the updateUser branch of the package_app_action AJAX endpoint, where the handler only validates a nonce and Schedule::updateUser() is invo...

BIT-MONGODB-2026-6915 Flaw in the updateUser Command May Allow Unauthorized Configuration Change

An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect how authentication is performed for the impacted account...

CVE-2026-6915

Technical details (affected product/version, root cause specifics, exploit information) are not publicly provided in the supplied documents. Monitor for updates from official CVE/NVD feeds for additional concrete details.

Flaw in the updateUser Command May Allow Unauthorized Configuration Change

An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect how authentication is performed for the impacted account...

CVE-2026-6915 Flaw in the updateUser Command May Allow Unauthorized Configuration Change

An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect how authentication is performed for the impacted account...

CVE-2026-6915 Flaw in the updateUser Command May Allow Unauthorized Configuration Change

An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect how authentication is performed for the impacted account...

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition in the updateUser function, specifically when handling concurrent requests. that exploit. An attacker can gain higher-level privileges by sending multiple simultaneous requests that manipulate user roles during a timing g...

PT-2026-6882

Name of the Vulnerable Software and Affected Versions yeqifu warehouse versions prior to aaf29962ba407d22d991781de28796ee7b4670e4 Description A weakness exists due to improper authorization within the User Management Endpoint component. The issue is related to the addUser, updateUser, and...

CVE-2020-36892

Eibiz i-Media Server Digital Signage 3.8.0 contains an unauthenticated privilege escalation vulnerability in the updateUser object that allows attackers to modify user roles. Attackers can exploit the /messagebroker/amf endpoint to elevate privileges and take over user accounts by manipulating ro...

CVE-2020-36892

Eibiz i-Media Server Digital Signage 3.8.0 contains an unauthenticated privilege escalation vulnerability in the updateUser object that allows attackers to modify user roles. Attackers can exploit the /messagebroker/amf endpoint to elevate privileges and take over user accounts by manipulating ro...

CVE-2020-36892

Eibiz i-Media Server Digital Signage 3.8.0 contains an unauthenticated privilege escalation vulnerability in the updateUser object that allows attackers to modify user roles. Attackers can exploit the /messagebroker/amf endpoint to elevate privileges and take over user accounts by manipulating ro...

CVE-2020-36892

Eibiz i-Media Server Digital Signage 3.8.0 is affected by an unauthenticated privilege escalation in the updateUser object. The issue allows attackers to modify user roles by abusing the /messagebroker/amf endpoint without authentication, enabling privilege elevation and potential account takeove...

CVE-2020-36892 Eibiz i-Media Server Digital Signage 3.8.0 Unauthenticated Privilege Escalation

Eibiz i-Media Server Digital Signage 3.8.0 contains an unauthenticated privilege escalation vulnerability in the updateUser object that allows attackers to modify user roles. Attackers can exploit the /messagebroker/amf endpoint to elevate privileges and take over user accounts by manipulating ro...

Eibiz i-Media Server Digital Signage 访问控制错误漏洞

Eibiz i-Media Server Digital Signage is a digital signage server from Eibiz Thailand. An access control error vulnerability exists in Eibiz i-Media Server Digital Signage version 3.8.0, which stems from the existence of elevation of privilege in the updateUser object, which could lead to account...

EUVD-2002-0768

Malware in sbrugna...

EUVD-2025-27977

Malicious code in bioql PyPI...

CVE-2025-40664

Missing authentication vulnerability in TCMAN GIM v11. This allows an unauthenticated attacker to access the resources /frmGestionUser.aspx/GetData, /frmGestionUser.aspx/updateUser and /frmGestionUser.aspx/DeleteUser...

CVE-2025-25709

An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the addUser and updateUser endpoints...