249 matches found
CVE-2026-15622
A flaw has been found in poco-ai poco-claw up to 0.5.4. Affected is the function getworkspacefile of the file executormanager/app/api/v1/workspace.py of the component Workspace API. Executing a manipulation of the argument userid can lead to authorization bypass. The attack may be launched...
CVE-2026-15622
The CVE-2026-15622 entry concerns poco-ai poco-claw Workspace API. Affects the function get_workspace_file in executor_manager/app/api/v1/workspace.py; manipulating the user_id parameter can bypass authorization. Impact is an authorization bypass that can be triggered remotely, with a proof-of-co...
EUVD-2026-41790
A vulnerability was identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected is an unknown function of the file /processlesson.php. Such manipulation of the argument userid leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly...
CVE-2026-9242
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Verification of Data Authenticity in all versions up to and including 6.0.8.6. This is due to the PayPal IPN callback handler...
CVE-2026-12415
The CVE concerns the WordPress plugin Invoice Generator. Vulnerable in versions up to 1.0.0 due to a missing capability check on the pravel_invoice_edit_account() AJAX action. The handler is exposed via wp_ajax_nopriv_pravel_invoice_edit_account and accepts attacker-controlled user_id and user_em...
EUVD-2026-39525
NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary userid values to the GET /social/interactions endpoint without ownership verification. Attackers can enumerate userid values to access...
CVE-2026-12102
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the 'userid' parameter due to missing validation on a user controlled key...
CVE-2026-12102 UsersWP <= 1.2.63 - Insecure Direct Object Reference to Authenticated (Editor+) Arbitrary User Avatar/Banner Reset via 'user_id' Parameter
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the 'userid' parameter due to missing validation on a user controlled key...
CVE-2026-54396
CVE-2026-54396 describes an information disclosure in the MISP AuthKey edit functionality. When a validation error occurs, the user dropdown was populated from the attacker-controlled AuthKey.user_id in the submitted request, enabling an authenticated user with edit permission to enumerate user e...
CVE-2025-11262
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the userid parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2026-10226 raisulislamg4 student_management_system_by_php delete.php sql injection
A flaw has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. Impacted is an unknown function of the file delete.php. Executing a manipulation of the argument userid/courseid/teacherid/studentid/applicationid can lead to sql injection. The...
CVE-2025-11262
The CVE concerns the WordPress plugin Link Whisper Free (up to version 0.9.0). It is an unauthenticated stored XSS via the REST endpoint where the attacker-supplied value in the user_id parameter is persisted and later rendered in the admin UI, enabling JavaScript execution when a privileged admi...
EUVD-2025-209983
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the userid parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
VulnCheck KEV: CVE-2025-11262
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the userid parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2026-7802 Frontend Admin by DynamiApps <= 3.29.2 - Missing Authorization to Authenticated (Subscriber+) Account Takeover via 'user_id' URL Query Parameter
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.29.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
EUVD-2026-32706
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.29.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
CVE-2026-7802 Frontend Admin by DynamiApps <= 3.29.2 - Missing Authorization to Authenticated (Subscriber+) Account Takeover via 'user_id' URL Query Parameter
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.29.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
CVE-2026-7802
The CVE-2026-7802 entry concerns the Frontend Admin by DynamiApps WordPress plugin. Affected versions up to 3.29.2 are vulnerable to an authorization bypass that lets authenticated users with subscriber-level access and higher overwrite administrator profile fields (e.g., user_pass, user_email, n...
EUVD-2026-30820
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "addprofilethreshold" permission to create a global profile despite not having manageglobalprofilethreshold, by tampering with the userid parameter in a...
Open WebUI's Mass Assignment via Pydantic extra='allow' Allows Creating Folders in Other Users' Accounts
Mass Assignment via Pydantic extra='allow' Allows Creating Folders in Other Users' Accounts Affected Component Folder creation endpoint and form model: - backend/openwebui/models/folders.py lines 72-77, FolderForm with extra='allow' - backend/openwebui/models/folders.py lines 95-106,...