
15 matches found

Vulnrichment
added 2026/04/19 11:15 p.m. | 3 views

CVE-2026-6584 TransformerOptimus SuperAGI User Update Endpoint user.py update_user authorization

A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function update_user of the file superagi/controllers/user.py of the component User Update Endpoint. The manipulation of the argument userid results in authorization bypass. The attack may be...

CVSS 5.5 | AI score 5.2 | EPSS 0.00014
Exploits: 0 | References: 4

CVE
added 2026/03/08 6:32 p.m. | 6 views

CVE-2026-3761

SourceCodester Client Database Management System 1.0 contains a flaw in the /superadmin_user_delete.php endpoint where manipulating the user_id parameter leads to improper authorization. The issue can be exploited remotely and the exploit has been published. Affects the described component; CVSS ...

CVSS 5.5 | AI score 5.5 | EPSS 0.0002
Exploits: 1 | References: 5 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2005-2313

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.00717
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-16270

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 7 | EPSS 0.00052
Exploits: 0 | References: 3

RedhatCVE
added 2025/07/22 12:1 p.m. | 5 views

CVE-2025-7886

A vulnerability, which was classified as critical, was found in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. This affects the function getUserLanguage of the file classes/class.database.php. The manipulation of the argument userid leads to sql injection. It...

CVSS 7.5 | AI score 7.4 | EPSS 0.00174
Exploits: 0 | References: 1

Cvelist
added 2025/06/17 4:31 a.m. | 15 views

CVE-2025-6160 SourceCodester Client Database Management System user_customer_create_order.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /user_customer_create_order.php. The manipulation of the argument userid leads to sql injection. The attack may be initiat...

CVSS 7.5 | EPSS 0.00187
Exploits: 1 | References: 5

RedhatCVE
added 2025/05/21 8:10 p.m. | 8 views

CVE-2008-7309

Insoshi before 20080920 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the ForumPost userid value via a modified URL, related to a "mass assignment" vulnerability...

CVSS 5 | AI score 7 | EPSS 0.00243
Exploits: 1 | References: 1

Cvelist
added 2025/03/20 10:9 a.m. | 9 views

CVE-2024-7040 Improper Access Control in open-webui/open-webui

In version v0.3.8 of open-webui/open-webui, there is an improper access control vulnerability. On the frontend admin page, administrators are intended to view only the chats of non-admin members. However, by modifying the userid parameter, it is possible to view the chats of any administrator,...

CVSS 4.9 | EPSS 0.00323
Exploits: 1 | References: 1

Cvelist
added 2025/03/02 8:0 p.m. | 17 views

CVE-2025-1831 zj1983 zz ZorgAction.java GetDBUser sql injection

A vulnerability classified as critical has been found in zj1983 zz up to 2024-8. Affected is the function GetDBUser of the file src/main/java/com/futvan/z/system/zorg/ZorgAction.java. The manipulation of the argument userid leads to sql injection. It is possible to launch the attack remotely. The...

CVSS 6.5 | EPSS 0.0006
Exploits: 1 | References: 4

CVE
added 2025/03/02 8:0 p.m. | 79 views

CVE-2025-1831

Affects zj1983 zz (versions up to 2024-8). The GetDBUser function in src/main/java/com/futvan/z/system/zorg/ZorgAction.java is vulnerable to SQL injection via the user_id argument. The issue can be exploited remotely, and public disclosure exists. Multiple connected sources (Red Hat, CVE feeds, C...

CVSS 9.8 | AI score 6.8 | EPSS 0.0006
Exploits: 1 | References: 4 | Affected Software: 1

NVD
added 2024/11/04 1:17 p.m. | 23 views

CVE-2024-51559

This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters to gain unauthorized access and perform malicious activities on other user accounts...

CVSS 7.1 | EPSS 0.00394
Exploits: 0 | References: 1

Vulnrichment
added 2024/05/15 6:0 a.m. | 11 views

CVE-2024-3748 SP Project & Document Manager <= 4.71 - Data Update via IDOR

The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the userid to make it appear that a file was uploaded by another user...

AI score 6.7 | EPSS 0.00357
Exploits: 2 | References: 1

Cvelist
added 2024/05/15 6:0 a.m. | 17 views

CVE-2024-3748 SP Project & Document Manager <= 4.71 - Data Update via IDOR

The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the userid to make it appear that a file was uploaded by another user...

AI score 6.6 | EPSS 0.00357
Exploits: 2 | References: 1

Vulnrichment
added 2024/03/16 11:31 p.m. | 11 views

CVE-2024-2534 MAGESH-K21 Online-College-Event-Hall-Reservation-System users.php sql injection

A vulnerability, which was classified as critical, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file /admin/users.php. The manipulation of the argument userid leads to sql injection. It is possible to initiate the attack remotely. T...

CVSS 6.5 | AI score 7.2 | EPSS 0.00052
Exploits: 0 | References: 3

Prion
added 2023/08/06 11:15 a.m. | 20 views

Improper access control

A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file editupdate.php of the component Password Handler. The manipulation of the argument userid leads to improper access controls. The atta...

CVSS 4 | AI score 9.5 | EPSS 0.00071
Exploits: 0 | References: 2 | Affected Software: 1