GHSA-Q537-QHJ4-WCJX OpenCTI: Privilege escalation via graphQL API is abusable by organization admins, due to incorrect ACL on userEdit relationAdd

Summary An organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. Impact Full platform access, access to sensitive or proprietary information...

CVE-2026-9579

A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is the function user.getUsername of the file /sys/user/login/setting/userEdit of the component SysUser. The manipulation of the argument userIdentity results in improper access controls. The attack may be launched remotely. The exploit...

EUVD-2026-31973

A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is the function user.getUsername of the file /sys/user/login/setting/userEdit of the component SysUser. The manipulation of the argument userIdentity results in improper access controls. The attack may be launched remotely. The exploit...

CVE-2026-9579 JeecgBoot SysUser userEdit user.getUsername access control

A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is the function user.getUsername of the file /sys/user/login/setting/userEdit of the component SysUser. The manipulation of the argument userIdentity results in improper access controls. The attack may be launched remotely. The exploit...

CVE-2026-9579 JeecgBoot SysUser userEdit user.getUsername access control

A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is the function user.getUsername of the file /sys/user/login/setting/userEdit of the component SysUser. The manipulation of the argument userIdentity results in improper access controls. The attack may be launched remotely. The exploit...

CVE-2026-9579

A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is the function user.getUsername of the file /sys/user/login/setting/userEdit of the component SysUser. The manipulation of the argument userIdentity results in improper access controls. The attack may be launched remotely. The exploit...

CVE-2026-44730

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. This is due to incorrect ACL o...

CVE-2026-44730 OpenCTI: Privilege escalation via graphQL API abusable by organization admins, due to incorrect ACL on userEdit relationAdd

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. This is due to incorrect ACL o...

EUVD-2025-33780

A vulnerability was found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /useredit.php. The manipulation of the argument uid results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

CVE-2025-11585 code-projects Project Monitoring System useredit.php sql injection

A vulnerability was found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /useredit.php. The manipulation of the argument uid results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

CVE-2025-11585 code-projects Project Monitoring System useredit.php sql injection

A vulnerability was found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /useredit.php. The manipulation of the argument uid results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

Code-Projects Project Monitoring System SQL注入漏洞

Project Monitoring System is a project monitoring system. Project Monitoring System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter uid in the file /useredit.php. An attacker can exploit this vulnerabilit...

PT-2025-41605

Name of the Vulnerable Software and Affected Versions code-projects Project Monitoring System version 1.0 Description A SQL injection issue exists in the Project Monitoring System 1.0. The flaw is located in an unknown function within the /useredit.php script. Manipulation of the uid parameter...

EUVD-2005-2050

Malware in sbrugna...

Delta Controls enteliTOUCH 3.40.3935 Cross Site Request Forgery Vulnerability

enteliTouch CSRF CSRF Add User: input type=...

ClipShare 2.6 Remote User Password Change Exploit

No description provided by source. !/usr/bin/perl -w priv8 Pr0metheuS Exploit Name: Clipshare Remote User Password Change Exploit Version Script: Clipshare 2.6 Dork: "Powered by Clipshare" EnjoY print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-"; print "\nClipshare 2.6 Remote User Passord...

CVE-2007-2017

siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not check authentication, which allows remote attackers to obtain or modify user information via a direct request...