93 matches found
PT-2026-6558
Name of the Vulnerable Software and Affected Versions: Thales SafeNet Agent for Windows Logon versions 4.0.0 through 4.1.2. Description: A flaw exists in the certificate validation process within SafeNet Agent for Windows Logon on Windows, potentially enabling signature spoofing. This issue stems fr...
CVE-2021-0872
In PVRSRVBridgeRGXKickVRDM of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
EUVD-2026-0872
Missing Authorization vulnerability in Codepeople Sell Downloads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sell Downloads: from n/a through 1.1.12...
CVE-2025-0872
A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file /addpayment.php. The manipulation of the argument id/amount/desc/inccat leads to SQL injection. It is possible to launch the attack remotely. The...
CVE-2019-0872
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0979...
CVE-2024-0872
creationtimestamp | type | source
---|---|---
2025-02-26 18:24:04+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/5560...
CVE-2025-0872
creationtimestamp | type | source
---|---|---
2025-01-30 16:06:35+00:00 | seen | https://infosec.exchange/users/cve/statuses/113918161397673238
2025-01-30 16:15:49+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxuyn6miv2i
2025-01-30 18:27:01+00:00 | seen |...
CVE-2025-0872
CVE-2025-0872 affects itsourcecode Tailoring Management System 1.0. A SQL injection vulnerability exists in /addpayment.php via manipulated id/amount/desc/inccat parameters, exploitable remotely with exploits publicly disclosed. Root cause is unsafe handling of input in the PHP file. Impact is st...
CVE-2024-0872
The Watu Quiz plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1 via the watu-userinfo shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive user meta data which ca...
CVE-2024-0872
CVE-2024-0872 affects the Watu Quiz WordPress plugin. All versions up to 3.4.1 are vulnerable via the watu-userinfo shortcode, allowing authenticated attackers with contributor-level access and above to access sensitive user metadata (including session tokens and emails). The provided documents d...
CVE-2024-0872 Watu Quiz <= 3.4.1 - Sensitive Information Disclosure
The Watu Quiz plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1 via the watu-userinfo shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive user meta data which ca...
OpenNMS Horizon 31.0.7 Remote Command Execution Exploit
This Metasploit module exploits built-in functionality in OpenNMS Horizon in order to execute arbitrary commands as the opennms user. For versions 32.0.2 and higher, this module requires valid credentials for a user with ROLE_FILESYSTEM_EDITOR privileges and either ROLE_ADMIN or ROLE_REST. For versio...
OpenNMS Horizon Authenticated RCE
This module exploits built-in functionality in OpenNMS Horizon in order to execute arbitrary commands as the opennms user. For versions 32.0.2 and higher, this module requires valid credentials for a user with ROLE_FILESYSTEM_EDITOR privileges and either ROLE_ADMIN or ROLE_REST. For versions 32.0.1 a...
OpenNMS Horizon 31.0.7 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenNMS Horizon Authenticated RCE', 'Description' = %q This module exploits built-in functionality in OpenNMS Horizon in order to execute arbitra...
CVE-2023-0872
creationtimestamp | type | source
---|---|---
2023-08-14 22:19:41+00:00 | seen | https://t.me/cibsecurity/68469
2024-03-20 20:10:21+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/opennmshorizonauthenticatedrce.rb
2024-03-21 21:45:46+00:00 |...
CVE-2023-0872
The Horizon REST API includes a users endpoint that, in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms, is vulnerable to elevation of privilege. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizo...
CVE-2023-0872 ROLE_REST can be used to escalate to ROLE_ADMIN via /rest/users
The Horizon REST API includes a users endpoint that, in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms, is vulnerable to elevation of privilege. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizo...
CVE-2023-0872
OpenNMS Horizon CVE-2023-0872 affects Horizon REST API users endpoint in Horizon 31.0.8 and older than 32.0.2, enabling privilege elevation (to admin) via REST. The issue stems from role escalation between ROLE_REST and ROLE_ADMIN when accessing /rest/users, with confirmed guidance that upgrading...
CVE-2021-0872
CVE-2021-0872 affects Imagination Technologies PowerVR kernel driver (PowerVR-GPU) via PVRSRVBridgeRGXKickVRDM. The issue is a missing size check that enables an integer overflow, leading to out-of-bounds heap access and local escalation of privilege with no extra privileges or user interaction r...
CVE-2021-0872
In PVRSRVBridgeRGXKickVRDM of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...