12 matches found
Access Control Bypass
Overview: Affected versions of this package are vulnerable to Access Control Bypass through improper validation of the nick parameter in the user update process. An attacker can modify immutable account identifiers by intercepting and altering POST requests, potentially sabotaging audit trails,...
EUVD-2026-10160
Netmaker has Privilege Escalation from Admin to Super-Admin via User Update...
CVE-2026-29195
Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler PUT /api/users/username lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to...
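The two entries above describe the same class of mistake in a user-update handler: an identifier the server treats as immutable is still writable from the request body, and the role check is written as an equality test against one role instead of an ordering against the caller's own role. The following is an added illustration in Go (chosen because Netmaker is a Go project), not Netmaker's code and not the code of the first package; the role names, the `User`/`UpdateRequest` types and both handler functions are assumptions for the example. The vulnerable and hardened variants sit side by side so the difference in the checks is visible.

```go
package main

import (
	"errors"
	"fmt"
)

// Privilege levels, ordered so that a larger value means more privilege.
// The names below are assumptions for this example, not Netmaker's own types.
const (
	RoleUser       = 0
	RoleAdmin      = 1
	RoleSuperAdmin = 2
)

// User is a stored account. ID is the immutable identifier that audit logs key on.
type User struct {
	ID       string
	Username string
	Role     int
}

// UpdateRequest is the decoded body of a user-update call. Pointers distinguish
// "field absent" from "field set to the zero value".
type UpdateRequest struct {
	ID       *string
	Username *string
	Role     *int
}

var (
	ErrForbidden      = errors.New("not allowed to update this user")
	ErrImmutableField = errors.New("account identifier cannot be changed")
	ErrRoleEscalation = errors.New("cannot assign a role at or above your own")
)

// vulnerableUpdate shows the two mistakes: the identifier is writable, and the
// role check is an equality test against one value, so any other value passes.
func vulnerableUpdate(actor, target User, req UpdateRequest) (User, error) {
	if req.ID != nil {
		target.ID = *req.ID // immutable field silently overwritten
	}
	if req.Username != nil {
		target.Username = *req.Username
	}
	if req.Role != nil {
		if actor.Role < RoleAdmin {
			return target, ErrForbidden
		}
		// Blocks admin -> admin, but an admin can still set RoleSuperAdmin.
		if *req.Role == RoleAdmin && actor.Role != RoleSuperAdmin {
			return target, ErrRoleEscalation
		}
		target.Role = *req.Role
	}
	return target, nil
}

// hardenedUpdate rejects identifier changes outright and compares roles as an
// ordering: an actor may only assign roles strictly below their own, and may
// only touch other accounts whose current role is below their own.
func hardenedUpdate(actor, target User, req UpdateRequest) (User, error) {
	self := actor.ID == target.ID
	if !self && (actor.Role < RoleAdmin || target.Role >= actor.Role) {
		return target, ErrForbidden
	}
	// Reject rather than silently drop: a client sending a different ID is
	// either buggy or hostile, and the audit trail should record the failure.
	if req.ID != nil && *req.ID != target.ID {
		return target, ErrImmutableField
	}
	if req.Username != nil {
		target.Username = *req.Username
	}
	if req.Role != nil && *req.Role != target.Role {
		if actor.Role < RoleAdmin || *req.Role >= actor.Role {
			return target, ErrRoleEscalation
		}
		target.Role = *req.Role
	}
	return target, nil
}

func main() {
	admin := User{ID: "u-alice", Username: "alice", Role: RoleAdmin}
	want := RoleSuperAdmin
	got, err := vulnerableUpdate(admin, admin, UpdateRequest{Role: &want})
	fmt.Println("vulnerable:", got.Role, err) // 2 <nil>
	got, err = hardenedUpdate(admin, admin, UpdateRequest{Role: &want})
	fmt.Println("hardened:", got.Role, err) // 1 cannot assign a role at or above your own
}
```

The strictly-below rule means only a super-admin can create admins and nobody can create a second super-admin through this path; relax that deliberately if the product needs it, but keep the comparison as an ordering rather than a list of forbidden values, since a new role added later is then covered without touching the check.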
CVE-2024-41140
Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to incorrect authorization in the update user function...
WordPress plugin Resideo Plugin for Resideo - Real Estate WordPress Theme Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Resideo...
CVE-2025-1667
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpspUpdateTeacher function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with teacher-level access a...
WordPress plugin MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution Security Vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. The WordPress plugin MarketKing - Ultimate WooCommerce Multivendor Marketplace...
Privilege Escalation
symfony/symfony is vulnerable to Privilege Escalation. The vulnerability is due to a flaw in the handling of user updates in the EntityUserProvider provided by the Doctrine bridge, allowing users to switch to another user by changing their username via a form, despite encountering a validation...
PT-2023-17235 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost, affected versions not specified. Description: When running in a High Availability configuration, Mattermost fails to sanitize some of the user updated and post deleted events broadcast to all users, leading to disclosure of sensitiv...
CVE-2022-22110
In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update their password could change it to a weak password, such as one only a single character long. This may allow an attacker to brute-force users’...
CVE-2020-15135
save-server npm package before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (tokens, etc.). The fix introduced in version 1.05 unintentionally breaks uploading, so v1.0.7 is the fixed version. This is patched by implementing double submit. The CSRF...
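The entry above says the fix is a double-submit token and that the first attempt at it broke uploads. The following added example shows the mechanism in Go's standard `net/http`; it is not save-server's code (that package is Node.js) and the cookie name, header name and `upload` handler are assumptions. The check reads the token from a header and never touches the request body, which is one way to keep a CSRF filter from interfering with a file-upload route that streams its body; whether that was the cause of the breakage in 1.05 is not stated on this page.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Assumed names for this example, not save-server's.
const (
	csrfCookieName = "csrf_token"
	csrfHeaderName = "X-CSRF-Token"
)

// newToken returns 32 random bytes as hex. Unpredictability is what stops a
// cross-site page from simply inventing a matching cookie/header pair.
func newToken() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// issueToken sets the double-submit cookie on a response. It must stay
// readable by same-origin script (so not HttpOnly); Secure and
// SameSite=Strict are independent defences layered on top.
func issueToken(w http.ResponseWriter) string {
	tok := newToken()
	http.SetCookie(w, &http.Cookie{
		Name: csrfCookieName, Value: tok, Path: "/",
		Secure: true, SameSite: http.SameSiteStrictMode,
	})
	return tok
}

// requireDoubleSubmit admits a state-changing request only when the cookie
// value equals the value the page copied into the request header. A
// cross-site attacker can make the browser send the cookie but cannot read
// it, so they cannot produce the header. The body is never read here, so a
// downstream upload handler still sees an unconsumed request body.
func requireDoubleSubmit(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch r.Method {
		case http.MethodGet, http.MethodHead, http.MethodOptions:
			next.ServeHTTP(w, r) // safe methods change no state
			return
		}
		c, err := r.Cookie(csrfCookieName)
		if err != nil || c.Value == "" {
			http.Error(w, "missing CSRF cookie", http.StatusForbidden)
			return
		}
		hdr := r.Header.Get(csrfHeaderName)
		// Constant-time compare; a length mismatch (including empty header) fails.
		if subtle.ConstantTimeCompare([]byte(c.Value), []byte(hdr)) != 1 {
			http.Error(w, "CSRF token mismatch", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// upload stands in for the package's upload route; it only acknowledges.
func upload(w http.ResponseWriter, r *http.Request) {
	fmt.Fprint(w, "saved")
}

// requestStatus drives the protected handler in-process with the given
// method, cookie value and header value, and returns the HTTP status code.
func requestStatus(method, cookie, header string) int {
	h := requireDoubleSubmit(http.HandlerFunc(upload))
	req := httptest.NewRequest(method, "/upload", strings.NewReader("constructed file bytes"))
	if cookie != "" {
		req.AddCookie(&http.Cookie{Name: csrfCookieName, Value: cookie})
	}
	if header != "" {
		req.Header.Set(csrfHeaderName, header)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	tok := newToken()
	fmt.Println("matching pair:", requestStatus(http.MethodPost, tok, tok))        // 200
	fmt.Println("cookie only:", requestStatus(http.MethodPost, tok, ""))           // 403
	fmt.Println("forged header:", requestStatus(http.MethodPost, tok, newToken())) // 403
}
```

Double submit is stateless, which is why it suits a small server, but it rests on the attacker not being able to set cookies for the origin; a subdomain the attacker controls, or a cookie-injection bug elsewhere, undermines it, and binding the token to the session (or signing it) closes that gap.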
Revou Twitter Clone - Cross-Site Scripting / SQL Injection
ReVou Micro Blogging SQL/XSS Injection Vulnerability
Author: nuclear
Site: http://www.revou.com/index.php
SQL vuln: http://localhost/path/userupdates.php?user=test21' UNION SELECT 1,2,3,4,@@version,6,7,8/
demo:...