Lucene search
K

6 matches found

cnnvd
cnnvd
added 2026/06/08 12:0 a.m.15 views

Bludit 安全漏洞

Bludit is an open-source, lightweight blog content management system developed by Bludit. Versions of Bludit prior to 3.22.0 contained security vulnerabilities. These vulnerabilities stemmed from a flaw in the user management logic: when accounts were disabled, persistent authentication tokens we...

7.1CVSS5.4AI score0.00271EPSS
Exploits0References2
osv
osv
added 2026/05/05 9:29 p.m.5 views

GHSA-RR73-568V-28F8 Grav Vulnerable to Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic

Summary A business logic vulnerability in the Grav Admin Panel allows a low-privileged user with only user creation permissions to overwrite existing accounts, including the primary administrator. By creating a new user with a username that already exists, the system updates the existing account'...

8.1CVSS5.8AI score0.00463EPSS
Exploits1References6
snyk
snyk
added 2026/04/28 8:18 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview nvflare is a Federated Learning Application Runtime Environment Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the user management and authentication process. An attacker can gain unauthorized access, escalate privileges, tamper...

9.8CVSS5.7AI score0.00573EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/04/28 12:0 a.m.12 views

NVIDIA NVFlare Dashboard 安全漏洞

NVIDIA NVFlare Dashboard is a federal learning task management and monitoring interface developed by NVIDIA Corporation. The NVFlare Dashboard has security vulnerabilities, which stem from issues with user management and authentication systems. This allows unauthorized attackers to bypass...

9.8CVSS5.8AI score0.00573EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/04/18 12:0 a.m.13 views

PT-2026-33548

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can access the user-management endpoints /settings/users and use them to enumerate all users and create a new administrator account. This happens because the route...

8.8CVSS5.7AI score0.00441EPSS
Exploits1References5
attackerkb
attackerkb
added 2023/05/11 8:47 a.m.4 views

CVE-2022-46308

SGUDA U-Lock central lock control service’s user management function has incorrect authorization. A remote attacker with general user privilege can exploit this vulnerability to call privileged APIs to access, modify and delete user information...

8.8CVSS7.4AI score0.00734EPSS
Exploits0References2
Rows per page
Query Builder