6 matches found
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the PUT /user route. An attacker can gain full administrative privileges by using a read-only access token to change the administrator's password, then logging in to obtain an unrestricted session token that...
PT-2026-29446
A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user.js of the component User Update Endpoint. Such manipulation of the argument isAdmin with the input 1 leads to dynamically-determined object attributes. It is possible to launch...
EUVD-2025-175746
Malicious code in user-route-fast-easy-sigma npm...
Exploit for CVE-2025-54962
🔥 CVE-2025-54962 — Insecure File Upload in OpenPLC Runtime Web...
PT-2023-10234 · Unknown · Picturethiswebserver
Name of the Vulnerable Software and Affected Versions: PictureThisWebServer (affected versions not specified). Description: A critical issue affects the function router.post of the file routes/user.js. The manipulation of the arguments username and password leads to SQL injection. Recommendations:...
CVE-2020-21493
An issue in the component route\user.php of Xiuno BBS v4.0.4 allows attackers to enumerate usernames...