Lucene search
+L

119 matches found

NVD
NVD
added 2 days ago6 views

CVE-2026-57996

phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in the user/add API endpoint that allows non-SuperAdmin administrators to create SuperAdmin accounts. A delegated administrator with USERADD/EDIT/DELETE permissions can call POST /admin/api/user/add with isSuperAdmin: true and...

8.8CVSS0.00246EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-57996 phpMyFAQ - Privilege Escalation via Missing SuperAdmin Guard in user/add Endpoint

phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in the user/add API endpoint that allows non-SuperAdmin administrators to create SuperAdmin accounts. A delegated administrator with USERADD/EDIT/DELETE permissions can call POST /admin/api/user/add with isSuperAdmin: true and...

8.8CVSS0.00246EPSS
Exploits0References2
CVE
CVE
added 2 days ago5 views

CVE-2026-57996

phpMyFAQ prior to 4.1.5 contains a privilege-escalation flaw in the admin/user-add endpoint. A delegated administrator with USER_ADD/EDIT/DELETE can call POST /admin/api/user/add using isSuperAdmin: true and attacker-chosen credentials to create a SuperAdmin account, enabling full instance takeov...

8.8CVSS6.1AI score0.00246EPSS
Exploits0References2
OSV
OSV
added 2 days ago4 views

CVE-2026-57996 phpMyFAQ - Privilege Escalation via Missing SuperAdmin Guard in user/add Endpoint

phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in the user/add API endpoint that allows non-SuperAdmin administrators to create SuperAdmin accounts. A delegated administrator with USERADD/EDIT/DELETE permissions can call POST /admin/api/user/add with isSuperAdmin: true and...

8.7CVSS6.1AI score0.00246EPSS
Exploits0References4
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-44632

phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in the user/add API endpoint that allows non-SuperAdmin administrators to create SuperAdmin accounts. A delegated administrator with USERADD/EDIT/DELETE permissions can call POST /admin/api/user/add with isSuperAdmin: true and...

8.8CVSS6.1AI score0.00246EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added last week7 views

CVE-2026-15373 Eleveo Call Recording Software userAddAction.do improper authorization

A vulnerability was detected in Eleveo Call Recording Software 9.7.0. The impacted element is an unknown function of the file /callrec/userAddAction.do. Performing a manipulation of the argument role results in improper authorization. It is possible to initiate the attack remotely. The exploit is...

6.5CVSS6.5AI score0.00256EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/26 2:12 p.m.13 views

CVE-2026-9431

A vulnerability was identified in Tenda F1202 1.2.0.20408. This affects the function fromPptpUserAdd of the file /goform/PptpUserAdd. The manipulation of the argument opttype leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be...

9CVSS8AI score0.00438EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/25 5:45 a.m.10 views

CVE-2026-9431 Tenda F1202 PptpUserAdd fromPptpUserAdd stack-based overflow

A vulnerability was identified in Tenda F1202 1.2.0.20408. This affects the function fromPptpUserAdd of the file /goform/PptpUserAdd. The manipulation of the argument opttype leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be...

9CVSS8AI score0.00438EPSS
Exploits0References5
NVD
NVD
added 2026/05/19 10:16 p.m.22 views

CVE-2026-34390

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior have a Privilege Escalation vulnerability where insufficient access control checks in ProjectUsersAddCommand manageprojuseradd.php allow users having manageprojectthreshold access level manager by default to...

5.1CVSS0.00427EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/26 4:45 p.m.40 views

CVE-2026-7054 Tenda F456 httpd PPTPDClient fromPptpUserAdd buffer overflow

A weakness has been identified in Tenda F456 1.0.0.5. This vulnerability affects the function fromPptpUserAdd of the file /goform/PPTPDClient of the component httpd. Executing a manipulation of the argument opttype/usernamewith can lead to buffer overflow. The attack can be executed remotely. The...

9CVSS0.00655EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/03/26 3:19 p.m.3 views

CVE-2025-55041

MuraCMS through 10.1.10 contains a CSRF vulnerability in the Add To Group functionality for user management cUsers.cfc addToGroup method that allows attackers to escalate privileges by adding any user to any group without proper authorization checks. The vulnerable function lacks CSRF token...

8CVSS5.9AI score0.00128EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/08 12:30 p.m.8 views

EUVD-2026-10232

A vulnerability was identified in Tenda F453 1.0.0.3/3.As. Impacted is the function fromPptpUserAdd of the file /goform/PPTPDClient. Such manipulation of the argument username/opttype leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and...

9CVSS8AI score0.00632EPSS
Exploits1References6
NVD
NVD
added 2026/03/08 11:15 a.m.10 views

CVE-2026-3729

A vulnerability was identified in Tenda F453 1.0.0.3/3.As. Impacted is the function fromPptpUserAdd of the file /goform/PPTPDClient. Such manipulation of the argument username/opttype leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and...

9CVSS0.00632EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/03/08 10:32 a.m.26 views

CVE-2026-3729 Tenda F453 PPTPDClient fromPptpUserAdd stack-based overflow

A vulnerability was identified in Tenda F453 1.0.0.3/3.As. Impacted is the function fromPptpUserAdd of the file /goform/PPTPDClient. Such manipulation of the argument username/opttype leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and...

9CVSS0.00632EPSS
Exploits1References5
NVD
NVD
added 2026/02/18 9:16 p.m.9 views

CVE-2026-2668

A vulnerability was found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This affects an unknown function of the file /dm/dispatch/user/add of the component User Handler. The manipulation results in improper access controls. The attack may be launched remotely. The...

7.5CVSS0.00469EPSS
Exploits1References4
CVE
CVE
added 2026/02/18 8:32 p.m.12 views

CVE-2026-2668

Affected product/component: Rongzhitong Visual Integrated Command and Dispatch Platform, specifically the User Handler component (file: /dm/dispatch/user/add). Root cause (as described): Improper access controls due to manipulation. Impact: Remote attacker could exploit this via a network attack ...

7.5CVSS5.2AI score0.00469EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/02/18 8:32 p.m.33 views

CVE-2026-2668 Rongzhitong Visual Integrated Command and Dispatch Platform User add access control

A vulnerability was found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This affects an unknown function of the file /dm/dispatch/user/add of the component User Handler. The manipulation results in improper access controls. The attack may be launched remotely. The...

7.5CVSS0.00469EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.9 views

Rongzhitong Visual Integrated Command and Dispatch Platform 访问控制错误漏洞

Rongzhitong Visual Integrated Command and Dispatch Platform is an integrated command system for emergency management and public safety developed by Rongzhitong Corporation. The Rongzhitong Visual Integrated Command and Dispatch Platform versions 20260206 and earlier contained a access control...

7.5CVSS7.1AI score0.00469EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/09 10:57 a.m.6 views

CVE-2022-38358

Improper neutralization of input during web page generation leaves the Eyes of Network web application vulnerable to cross-site scripting attacks at /module/adminnotifiers/rules.php and /module/reportevent/indext.php via the parameters rulenotification, rulename, and rulenameold, and at...

6.1CVSS6.3AI score0.00529EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/11/26 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-10915

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgiuseradd of the file /cgi-bin/accountmgr.cgi?cmd=cgiuseradd. The manipulation of the argument group leads to os command injection. T...

9.8CVSS6.4AI score0.79135EPSS
In wildExploits2References4
Rows per page
Query Builder