Lucene search
K

629 matches found

Cvelist
Cvelist
added 14 hours ago7 views

CVE-2026-11963 User Registration & Membership < 5.2.2 - Subscriber+ Cross-User Role and Membership Tier Modification via IDOR

The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify from a caller-supplied identifier instead of the current user, allowing any authenticated user such as a subscriber to change...

Exploits0References1
Nuclei
Nuclei
added 15 hours ago35 views

Blinko <= 1.8.3 - User Information Leak

Blinko = 1.8.4 contains an information disclosure caused by a publicly accessible endpoint exposing user information including usernames, roles, and account creation dates, letting remote attackers access sensitive user data, exploit requires no special privileges. id: CVE-2026-23486 info: name:...

6.9CVSS6.1AI score0.00711EPSS
Exploits0References3
Nuclei
Nuclei
added 15 hours ago9 views

LearnPress < 4.3.7 - Information Disclosure

LearnPress WordPress plugin 4.3.7 contains an information disclosure vulnerability caused by missing capability checks on a REST endpoint, letting unauthenticated visitors retrieve sensitive user role and capability data via crafted requests. id: CVE-2026-8383 info: name: LearnPress 4.3.7 -...

5.3CVSS6.1AI score0.00424EPSS
Exploits0References2
EUVD
EUVD
added 19 hours ago10 views

EUVD-2026-43250

A vulnerability has been found in Leantime up to 3.8.0. This impacts the function editUser/addUser of the component JSON-RPC Endpoint. The manipulation of the argument role leads to improper authorization. The attack is possible to be carried out remotely. The exploit has been disclosed to the...

6.5CVSS6.2AI score
Exploits0References6
Nuclei
Nuclei
added 2 days ago186 views

Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation

Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keysfor 'roles' used for access control within the database, including the special case 'admin' role, th...

10CVSS7.1AI score0.99838EPSS
Exploits21References5
CVE
CVE
added 3 days ago5 views

CVE-2026-56279

Capgo before 12.128.2 is affected by an information disclosure vulnerability in the get_orgs_v7(userid) RPC function that remains publicly invokable despite intended private access controls. Unauthenticated attackers can supply arbitrary user UUIDs to retrieve foreign users’ organization membersh...

8.7CVSS6.2AI score0.00313EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-56948

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in jwsthemes Aqua aqua allows PHP Local File Inclusion.This issue affects Aqua: from n/a through = 5.1.2...

7.5CVSS6.1AI score
Exploits0References3
NVD
NVD
added 2026/07/04 9:17 p.m.11 views

CVE-2024-1248

The silent Just-In-Time JIT provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users wi...

5.3CVSS0.00191EPSS
Exploits0References1
CVE
CVE
added 2026/07/04 8:38 p.m.17 views

CVE-2024-1248

The CVE-2024-1248 entry describes a vulnerability in federated authentication that uses silent JIT provisioning. When a federated user shares a username with a local user, the provisioning process can overwrite the local user’s existing roles with roles from the federated IDP, effectively enablin...

5.3CVSS5.9AI score0.00191EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/04 8:38 p.m.30 views

CVE-2024-1248 Role Overwriting via Silent JIT Provisioning in Multiple WSO2 Products Enables Privilege Escalation

The silent Just-In-Time JIT provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users wi...

4.8CVSS0.00191EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 3:46 p.m.33 views

CVE-2026-13211 Genucenter Disclosure of SNMP Credentials

The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the “Service” or “Admin” role...

4.3CVSS0.00139EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 6:0 a.m.9 views

EUVD-2026-38696

The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes, allowing any authenticated user to disclose the metadata of any other user, including roles, session token previews and stored billing/shipping fields. This affects the premium co...

7.7CVSS5.8AI score0.00219EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:21 p.m.12 views

CVE-2026-8383

The LearnPress WordPress plugin before 4.3.7 does not gate the edit context on one of its REST endpoint behind the editusers capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted...

5.3CVSS0.00424EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 6:0 a.m.16 views

CVE-2026-8383

The CVE-2026-8383 entry affects the LearnPress WordPress plugin (prior to version 4.3.7). The issue is a missing access control check on a REST endpoint: the edit context is not gated behind the edit_users capability, allowing unauthenticated visitors to retrieve per-user data including roles, fu...

5.3CVSS5.2AI score0.00424EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 6:0 a.m.31 views

CVE-2026-8383 LearnPress < 4.3.7 - Unauthenticated Sensitive User Information Disclosure via REST API

The LearnPress WordPress plugin before 4.3.7 does not gate the edit context on one of its REST endpoint behind the editusers capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted...

0.00424EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50244

Name of the Vulnerable Software and Affected Versions LearnPress versions prior to 4.3.7 Description An information disclosure issue exists where the edit context on a REST endpoint is not properly restricted by the edit users capability. This allows unauthenticated visitors to retrieve sensitive...

5.3CVSS5.8AI score0.00424EPSS
Exploits0References3
OSV
OSV
added 2026/06/16 11:48 a.m.5 views

BIT-MONGODB-2026-9747 Crafted cross-shard merge aggregation crashes MongoDB Server

Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server...

7.1CVSS5.2AI score0.0027EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-9747

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server. CVE-2026-9747 Note that Nessus relies on the presence of...

7.1CVSS5.5AI score0.0027EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 12:31 a.m.12 views

EUVD-2026-35863

Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server...

7.1CVSS5.4AI score0.0027EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 11:17 p.m.12 views

CVE-2026-9747

Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server...

7.1CVSS0.0027EPSS
Exploits0References1
Rows per page
Query Builder