21 matches found

RedhatCVE
added 2026/06/05 7:17 p.m. | 9 views

CVE-2026-42843

Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration, users, and system management. Prior to 1.0.0-beta.15, an insecure direct object reference and logic flaw in the Grav API plugin UsersController::update allows any...

CVSS 8.8 | AI score 5.5 | EPSS 0.0035
Exploits 1 | References 1
NVD
added 2026/06/04 2:16 p.m. | 9 views

CVE-2026-10861

An open redirect vulnerability existed in MISP UsersController::routeafterlogin because the value stored in the preloginrequestedurl session key was used as the post-login redirect destination without sufficiently enforcing that it was a local application path. An unauthenticated remote attacker...

CVSS 6.1 | EPSS 0.00223
Exploits 0 | References 1
CVE
added 2026/05/11 3:54 p.m. | 9 views

CVE-2026-42843

The CVE-2026-42843 entry concerns Grav API Plugin for Grav CMS. It describes an insecure direct object reference and logic flaw in UsersController::update that lets any authenticated API user with api.access modify their own permission configuration, potentially escalating to Super Administrator ...

CVSS 8.8 | AI score 5.8 | EPSS 0.0035
Exploits 1 | References 1 | Affected Software 1
Veracode
added 2026/03/21 5:22 a.m. | 6 views

Incorrect Authorization

Craft CMS is vulnerable to Incorrect Authorization. The vulnerability is due to improper authorization checks in the UsersController-actionImpersonateWithToken functionality, which allows an attacker to abuse shared or low-privileged access to gain administrative privileges...

CVSS 9.8 | AI score 5.9 | EPSS 0.0773
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2026/03/16 7:04 p.m. | 27 views

CVE-2026-32267 Craft CMS Vulnerable to Privilege Escalation/Bypass through UsersController->actionImpersonateWithToken()

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.6 and from version 5.0.0-RC1 to before version 5.9.12, a low-privilege user or an unauthenticated user who has been sent a shared URL can escalate their privileges to admin by abusing...

CVSS 7.7 | EPSS 0.0773
Exploits 1 | References 2
Github Security Blog
added 2026/03/16 6:44 p.m. | 7 views

Craft CMS Vulnerable to Privilege Escalation/Bypass through UsersController->actionImpersonateWithToken()

Summary A low-privilege user or an unauthenticated user who has been sent a shared URL can escalate their privileges to admin by abusing UsersController-actionImpersonateWithToken. Affected users should update to Craft 4.17.6 and 5.9.12 to mitigate the issue. Details This vulnerability allows any...

CVSS 9.8 | AI score 5.8 | EPSS 0.0773
Exploits 1 | References 4 | Affected Software 1
CNNVD
added 2026/03/16 12:00 a.m. | 4 views

Craft CMS Security Vulnerability

Craft CMS is an open-source content management system developed by Craft Studio. Vulnerabilities existed in versions of Craft CMS from 4.0.0-RC1 to 4.17.6, as well as in versions 5.0.0-RC1 to 5.9.12. These vulnerabilities stemmed from a potential exploit where low-privilege users or unverified...

CVSS 9.8 | AI score 5.8 | EPSS 0.0773
Exploits 1 | References 2
EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2025-30373

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.00292
Exploits 0 | References 6
OSV
added 2025/09/21 5:15 a.m. | 4 views

CVE-2025-10762

A vulnerability was found in kuaifan DooTask up to 1.2.49. Affected by this vulnerability is an unknown functionality of the file app/Http/Controllers/Api/UsersController.php. The manipulation of the argument keysdepartment results in sql injection. The attack can be executed remotely. The exploi...

CVSS 5.3 | AI score 5.7 | EPSS 0.00292
Exploits 0 | References 5
NVD
added 2025/09/21 5:15 a.m. | 5 views

CVE-2025-10762

A vulnerability was found in kuaifan DooTask up to 1.2.49. Affected by this vulnerability is an unknown functionality of the file app/Http/Controllers/Api/UsersController.php. The manipulation of the argument keysdepartment results in sql injection. The attack can be executed remotely. The exploi...

CVSS 6.5 | EPSS 0.00292
Exploits 0 | References 5
Cvelist
added 2025/09/21 4:32 a.m. | 10 views

CVE-2025-10762 kuaifan DooTask UsersController.php sql injection

A vulnerability was found in kuaifan DooTask up to 1.2.49. Affected by this vulnerability is an unknown functionality of the file app/Http/Controllers/Api/UsersController.php. The manipulation of the argument keysdepartment results in sql injection. The attack can be executed remotely. The exploi...

CVSS 6.5 | EPSS 0.00292
Exploits 0 | References 5
RedhatCVE
added 2025/05/23 12:58 a.m. | 3 views

CVE-2022-29534

An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an "Accept: application/json" header...

CVSS 7.5 | AI score 7 | EPSS 0.01521
Exploits 1 | References 1
Github Security Blog
added 2025/03/14 3:32 p.m. | 24 views

Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment

A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updatedajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without a...

CVSS 9.4 | AI score 6.7 | EPSS 0.00566
Exploits 16 | References 7 | Affected Software 1
OSV
added 2025/03/14 3:32 p.m. | 9 views

GHSA-RP28-MVQ3-WF8J Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment

A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updatedajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without a...

CVSS 9.4 | AI score 6.7 | EPSS 0.00566
Exploits 16 | References 7
Cvelist
added 2025/03/14 12:34 p.m. | 19 views

CVE-2025-2304 Camaleon CMS Privilege Escalation

A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updatedajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without a...

CVSS 9.4 | EPSS 0.00566
Exploits 16 | References 2
CVE
added 2025/03/14 12:34 p.m. | 370 views

CVE-2025-2304

CVE-2025-2304 describes a mass-assignment vulnerability in Camaleon CMS where the updated_ajax action in UsersController uses params.require(:user).permit! and thus accepts unfiltered keys. Exploitation paths documented in connected sources show an authenticated user can inject password[role]=adm...

CVSS 9.4 | AI score 6.5 | EPSS 0.00566
Exploits 16 | References 2
RubySec
added 2025/03/14 12:00 a.m. | 20 views

Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment

A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updatedajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without a...

CVSS 9.4 | AI score 7 | EPSS 0.00566
Exploits 16 | References 1 | Affected Software 1
CVE
added 2024/11/11 12:00 a.m. | 74 views

CVE-2024-48322

CVE-2024-48322 affects Run.codes, specifically versions 1.5.2 and older. The vulnerability is a reset password race condition in the file UsersController.php , with confirmed impact described as a race condition in reset password workflows. Public sources across NVD, Red Hat, OSV, CNNVD and CVE l...

CVSS 8.1 | AI score 7.1 | EPSS 0.00828
Exploits 0 | References 4
Cvelist
added 2024/11/11 12:00 a.m. | 263 views

CVE-2024-48322

UsersController.php in Run.codes 1.5.2 and older has a reset password race condition vulnerability...

EPSS 0.00828
Exploits 0 | References 4
Veracode
added 2024/01/04 7:57 a.m. | 30 views

Privilege Escalation

craftcms/cms is vulnerable to Privilege Escalation. The vulnerability is due to the actionSave function within ElementsController.php, because there are no checks for save permissions before and after applying POST params to the element, as well as the actionSaveUser function within...

CVSS 8.8 | AI score 7.2 | EPSS 0.00588
Exploits 0 | References 8 | Affected Software 1