The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including thos
An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect ho
eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user (UG_USER) to delete ar
A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer). This results in unauthorized access and unaut
An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A critical authorization flaw in the API allows an authenticated, low-priv
A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. Th
An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could o
Missing Authorization vulnerability in etruel WP Delete Post Copies etruel-del-post-copies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delete Post Cop
An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an a
A weakness has been identified in SourceCodester Alumni Management System 1.0. This issue affects the function delete_forum/delete_career/delete_comment/delete_gallery/delete_event of the file admin/a
A vulnerability was determined in jshERP up to 3.5. Affected is an unknown function of the file /jshERP-boot/user/deleteBatch of the component Endpoint. The manipulation of the argument ids leads to i
Weak Authentication vulnerability in PickPlugins User Verification user-verification allows Authentication Abuse.This issue affects User Verification: from n/a through <= 2.0.45.
A flaw exists in the FlashArray Purity management interface where an authenticated low-privileged user may, under specific conditions, access functionality beyond their assigned privileges.
A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to fetch, modify or delete a privileged user (provider). This results in unauthorized access and unauthori
An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated p
Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group
The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. A low-privileged user can modify the parameters and potentially manip
This vulnerability exists in RupeeWeb trading platform due to insufficient authorization controls on certain API endpoints handling addition and deletion operations. Successful exploitation of this vu
An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely.
Abnormal Security /v1.0/rbac/users_v2/{USER_ID}/ before 2025-02-19 allows downgrading the privileges of other user accounts.
Page 1+ Next →