422 matches found
PT-2026-56575
Name of the Vulnerable Software and Affected Versions PAN-OS affected versions not specified Description Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent TSA component allow an unauthenticated attacker with network access to cause a denial of service DoS condition or...
CVE-2026-46680 containerd user ID handling bypass allows runAsNonRoot evasion
containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an...
EUVD-2026-40906
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.9.1 via the 'userId' parameter due to missing validation on a user controlled key. This makes it possible for...
PSF-2026-32
In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...
EUVD-2026-40045
A vulnerability has been found in D-Link DCS-935L 1.10.01. This affects the function sub400E40 of the file setconf.cgi of the component POST Parameter Handler. Such manipulation of the argument UID leads to os command injection. The attack can be launched remotely. The exploit has been disclosed ...
EUVD-2026-39982
A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. The manipulation results in use of weak hash. The attack may be performed from remote. This attack is characterized by hig...
CVE-2026-56422 MISP Core: Mass Assignment and Object Re-ownership via Unvalidated Request Fields
Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys id and ownership/scope foreign keys eventid, orgid, userid, sharinggroupid, galaxyclusteruuid, organisationuuid, and related nested object identifiers without consistently...
CVE-2026-54105
The CVE concerns CVE-2026-54105 affecting the GAO EPDS and CBCA EDS systems. The vulnerability arises from the update-profile/ API endpoint, where a remote, unauthenticated attacker can supply an arbitrary user_id and receive a JSON response containing account-specific information, including the ...
EUVD-2026-37912
The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS expose sensitive account information through the 'update-profile/' API endpoint. A remote, unauthenticated attacker can submit a reque...
EUVD-2025-210214
In overrideConfig of CarrierConfigLoader.java, there is a possible way to bypass UID check due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2016-10884
BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL...
CVE-2016-20072
CVE-2016-20072 affects the BBS e-Franchise 1.1.1 WordPress plugin. The vulnerability is an SQL injection in the uid parameter used by the plugin’s shortcode, enabling unauthenticated attackers to craft requests (Union-based SQLi) to extract sensitive data (e.g., user information, taxonomy terms)....
CVE-2026-54396
An information disclosure vulnerability exists in the MISP AuthKey edit functionality. When a validation error occurs during an AuthKey edit request, the user dropdown was populated using the attacker-controlled AuthKey.userid value from the submitted request data. An authenticated user with...
CVE-2026-54396 MISP AuthKey edit endpoint allows authenticated user email enumeration
An information disclosure vulnerability exists in the MISP AuthKey edit functionality. When a validation error occurs during an AuthKey edit request, the user dropdown was populated using the attacker-controlled AuthKey.userid value from the submitted request data. An authenticated user with...
EUVD-2026-35877
BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by supplying a userid parameter in the request. Attackers can pass another user's identifier to the...
CVE-2026-53673
BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by supplying a userid parameter in the request. Attackers can pass another user's identifier to the...
CVE-2026-53673 BuddyPress 14.4.0 Private Message IDOR via REST API user_id Parameter
BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by supplying a userid parameter in the request. Attackers can pass another user's identifier to the...
CVE-2026-53673
CVE-2026-53673 affects BuddyPress 14.4.0. The issue is an insecure direct object reference in the messages REST API where a user_id parameter can be supplied to read, reply to, or delete private messages. Attackers can pass another user’s identifier to get_item_permissions_check (which validates ...
CVE-2026-9185 6Storage Rentals <= 2.22.0 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Disclosure and Modification via 'userId' Parameter
The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the userId parameter of the sixstoragegetuserinfo and sixstorageupdateprofile AJAX actions. This is due to the sixstoragegetUserInfo and...
About Remote Code Execution - PAN-OS (CVE-2026-0300) vulnerability
About Remote Code Execution - PAN-OS CVE-2026-0300 vulnerability. PAN-OS is an operating system for Palo Alto Networks firewalls and security platforms. User-ID™ Authentication Portal also known as Captive Portal is a non-default PAN-OS feature used to map IP addresses to usernames. By exploiting...