ReportizFlow
Filtered by vendor Bookcars
Subscriptions
Filtered by product Bookcars
Subscriptions
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-36722 | 1 Bookcars | 1 Bookcars | 2026-06-11 | 5.4 Medium |
| An authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2026-36726 | 1 Bookcars | 1 Bookcars | 2026-06-11 | 5.3 Medium |
| An arbitrary file deletion vulnerability in the /api/delete-temp-license/{file} endpoint of bookcars v8.3 allows unauthenticated attackers to delete arbitrary files via supplying directory traversal sequences. | ||||
| CVE-2026-36727 | 1 Bookcars | 1 Bookcars | 2026-06-11 | 9.1 Critical |
| An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token. | ||||
| CVE-2026-36723 | 1 Bookcars | 1 Bookcars | 2026-06-10 | 8.8 High |
| An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables unauthorized access to sensitive files, the overwriting of critical application files, and remote code execution (RCE). | ||||
| CVE-2026-36721 | 1 Bookcars | 1 Bookcars | 2026-06-10 | 9.8 Critical |
| A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token. | ||||
| CVE-2026-36720 | 1 Bookcars | 1 Bookcars | 2026-06-10 | 8.1 High |
| Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type. | ||||
Page 1 of 1.