Search
Search Results (6 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-36723 | 1 Bookcars | 1 Bookcars | 2026-06-10 | N/A |
| An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables unauthorized access to sensitive files, the overwriting of critical application files, and remote code execution (RCE). | ||||
| CVE-2026-36720 | 1 Bookcars | 1 Bookcars | 2026-06-10 | 8.1 High |
| Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type. | ||||
| CVE-2026-36726 | 1 Bookcars | 1 Bookcars | 2026-06-10 | N/A |
| An arbitrary file deletion vulnerability in the /api/delete-temp-license/{file} endpoint of bookcars v8.3 allows unauthenticated attackers to delete arbitrary files via supplying directory traversal sequences. | ||||
| CVE-2026-36727 | 1 Bookcars | 1 Bookcars | 2026-06-10 | N/A |
| An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token. | ||||
| CVE-2026-36721 | 1 Bookcars | 1 Bookcars | 2026-06-10 | N/A |
| A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token. | ||||
| CVE-2026-36722 | 1 Bookcars | 1 Bookcars | 2026-06-10 | N/A |
| An authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
Page 1 of 1.