Lucene search
K

153 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:32 p.m.7 views

CVE-2020-35722

CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force user modification/creation via a specially crafted link to the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.5CVSS7AI score0.00679EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 6:33 a.m.9 views

CVE-2017-11179

FineCMS through 2017-07-11 has stored XSS in route=admin when modifying user information, and in route=register when registering a user account...

6.1CVSS5.9AI score0.00632EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 9:4 p.m.6 views

CVE-2003-0732

CiscoWorks Common Management Foundation CMF 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Admin user on the Modify or delete users pages...

10CVSS7AI score0.01976EPSS
Exploits1References1
CVE
CVE
added 2025/04/15 8:42 a.m.52 views

CVE-2025-3578

The CVE-2025-3578 vulnerability in Aidex affects versions prior to 1.7 and can be exploited by an authenticated user to list credentials of other users, create or modify users, and disclose sensitive information from production/development environments. It enables exfiltration of details about th...

9.3CVSS6.4AI score0.00433EPSS
Exploits0References1
OSV
OSV
added 2025/03/11 6:15 p.m.4 views

DEBIAN-CVE-2025-25748

A CSRF vulnerability in the gestioneutenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions e.g., modifying user passwords on behalf of authenticated users by exploiting the lack of origin or referrer validation and the absence of CSRF tokens. NOTE: this is disput...

7.3CVSS5.3AI score0.00395EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:4 a.m.8 views

CVE-2024-10008

The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to unauthorized user profile modification due to missing authorization checks on the /wp-json/masteriyo/v1/users/$id REST API endpoint in all versions up to, and including, 1.13.3. This makes ...

8.8CVSS8.5AI score0.00623EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/04 7:28 p.m.31 views

CVE-2025-24968 Business Logic And Unrestricted Project Deletion Lead To Take Over the System in reNgine

reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as penetrationtester or auditor to delete all projects in the system. This can lead to a complete system takeover by redirecting the...

8.8CVSS8.7AI score0.00604EPSS
Exploits1References1
CVE
CVE
added 2025/02/04 7:28 p.m.96 views

CVE-2025-24968

CVE-2025-24968 — reNgine is affected by an unrestricted project deletion vulnerability. According to PT Security and Red Hat entries, attackers with specific roles (e.g., penetration tester , auditor ) can delete all projects, potentially enabling a complete system takeover via redirection to the...

8.8CVSS6.8AI score0.00604EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/11/26 3:15 p.m.15 views

CVE-2024-22117

When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding...

2.2CVSS6.6AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/29 5:32 a.m.11 views

CVE-2024-10008 Masteriyo LMS – eLearning and Online Course Builder for WordPress <= 1.13.3 - Authenticated (Student+) Missing Authorization to Privilege Escalation

The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to unauthorized user profile modification due to missing authorization checks on the /wp-json/masteriyo/v1/users/$id REST API endpoint in all versions up to, and including, 1.13.3. This makes ...

8.8CVSS7AI score0.00623EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/24 12:0 a.m.2 views

CVE-2024-46610

An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java...

5.4AI score0.00442EPSS
Exploits1References2
NVD
NVD
added 2024/09/04 7:15 a.m.32 views

CVE-2024-8121

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of user names due to a missing capability check on the wpextchangeadminname function in all versions up to, and including, 3.0.8. This makes it possible for authenticated attackers, wi...

5.4CVSS0.00323EPSS
Exploits0References3
Veracode
Veracode
added 2024/08/12 10:24 a.m.12 views

Improper Access Control

github.com/mattermost/mattermost-server is vulnerable to Improper Access Control. The vulnerability is caused due to a failure to disallow the modification of local channels by a remote, when shared channels are enabled. This allows a malicious remote user to make an arbitrary local channel...

4.3CVSS6.7AI score0.00276EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/08/12 12:0 a.m.4 views

TOTOLINK X5000R 操作系统命令注入漏洞

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R setModifyVpnUser method, which can be exploited by an attacker to execute arbitrary commands...

8.8CVSS8AI score0.01661EPSS
Exploits1References2
CNVD
CNVD
added 2024/08/05 12:0 a.m.4 views

Unspecified Vulnerability in Mattermost (CNVD-2024-35160)

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from a failure to disable modification of local users when synchronizing users in a shared channel. An attacker could use the vulnerability t...

7.4CVSS6.4AI score0.00296EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/08/01 3:32 p.m.16 views

Mattermost failed to disallow the modification of local users when syncing users in shared channels

Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5, 9.8.x = 9.8.1 fail to disallow the modification of local users when syncing users in shared channels. which allows a malicious remote to overwrite an existing local user...

7.4CVSS6.7AI score0.00296EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/08/01 2:5 p.m.61 views

CVE-2024-36492

Mattermost Server CVE-2024-36492 affects versions 9.9.x ≤ 9.9.0, 9.5.x ≤ 9.5.6, 9.7.x ≤ 9.7.5, and 9.8.x ≤ 9.8.1. The vulnerability is a failure to disallow modification of local users when syncing users in shared channels, enabling a malicious remote to overwrite an existing local user. No explo...

7.4CVSS6.8AI score0.00296EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/07/09 12:0 a.m.7 views

Siemens SINEMA Remote Connect 安全漏洞

Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens, Germany. The platform is used to remotely access, maintain, control and diagnose the underlying network. A security vulnerability exists in Siemens SINEMA Remote Connect Server, which can be exploited by an...

7.8CVSS7AI score0.00248EPSS
Exploits0References2
OSV
OSV
added 2024/06/06 9:30 p.m.17 views

GHSA-9X88-4JG8-4VF7 Improper authorization in zenml

An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the active status of user accounts to false,...

6.5CVSS6.2AI score0.00623EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/06/06 6:25 p.m.35 views

CVE-2024-2035 Improper Authorization in zenml-io/zenml

An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the active status of user accounts to false,...

6.5CVSS0.00623EPSS
Exploits1References2
Rows per page
Query Builder