CVE-2023-43901

EMSigner v2.8.7 is affected by an incorrect access control in the AdHoc User creation form that allows an unauthenticated attacker to arbitrarily modify usernames and privileges by using a registered user’s email address. The issue is tied to the AdHoc User creation flow (root cause: improper acc...

EMSigner Security Vulnerability

EMSigner is an electronic signature solution from EMSigner India. A security vulnerability exists in EMSigner version v2.8.7, which stems from an Access Control Error vulnerability in AdHoc User that allows an unauthenticated attacker to arbitrarily modify usernames and permissions using a user's...

Improper Access Control

github.com/usememos/memos is vulnerable to improper access control. A remote attacker is able to modify the usernames and email addresses of other users and thereby take over their accounts via the vulnerable user endpoint...

PT-2022-27999 · Unknown · Usememos/Memos

Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.9.0 Description: The issue concerns improper authorization in the usememos/memos GitHub repository. This repository is for an open-source, self-hosted memo hub that includes knowledge management and...