Search Results (1 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-57945 1 Photoprism 1 Photoprism 2026-07-01 4.3 Medium
PhotoPrism before 260601-a7d098548 contains a broken access control vulnerability that allows authenticated non-admin users to modify other users' profile information by sending requests to arbitrary user endpoints. Attackers can exploit the missing session-to-user identifier validation in the PUT users API endpoint to overwrite another user's profile details without authorization.