26 matches found
CVE-2026-32707
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-08 15:00:06+00:00 | published-proof-of-concept | Telegram/bpwD1lFGrjpZJE8nZPfkQ7he0n0Dc1Zua8DNoZEQncgtG5Y... |
Exploit for Stack-based Buffer Overflow in Dronecode Px4_Drone_Autopilot
CVE-2026-32707
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattucan contains an unbounded memcpy in its multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In deployments where tattucan is enabled and running, a CAN-injection-capable...
CVE-2025-32707
Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally...
CVE-2025-32707 NTFS Elevation of Privilege Vulnerability
...
CVE-2025-32707
| creationtimestamp | type | source |
|---|---|---|
| 2025-05-13 16:27:02+00:00 | seen | https://www.thezdi.com/blog/2025/5/13/the-may-2025-security-update-review |
| 2025-05-13 17:35:27+00:00 | seen | https://infosec.exchange/users/wdormann/statuses/114501728799559171 |
| 2025-05-13 17:45:43+00:00 | seen | ... |
CVE-2024-32707 WordPress Image Slider plugin <= 1.1.125 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Image Slider Widget allows Stored XSS. This issue affects Image Slider Widget: from n/a through 1.1.125...
CVE-2024-32707
CVE-2024-32707 is a Stored XSS in the GhozyLab Image Slider Widget for WordPress, affecting Image Slider Widget versions up to 1.1.125. Root cause is improper neutralization of input during web page generation. The cited sources confirm the vulnerability and affected component but do not provide ...
WordPress Image Slider Widget Plugin <= 1.1.127 is vulnerable to Cross Site Scripting (XSS)
Software: Image Slider Widget; Type: Plugin; Vulnerable versions: <= 1.1.127; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32707; Patch priority: Low; CVSS severity: Low (5.9); PSID: 8c3a71e7d4db; Credits: Jean Tirstan T; Required privilege...
Metasploit Wrap-Up 03/08/2024
New module content (2). GitLab Tags RSS feed email disclosure. Authors: erruquill and n00bhaxor. Type: Auxiliary. Pull request: 18821 contributed by n00bhaxor. Path: gather/gitlab_tags_rss_feed_email_disclosure. AttackerKB reference: CVE-2023-5612. Description: This adds an auxiliary module that leverages an...
Exploit for Improper Authorization in Splunk
CVE-2023-32707 An improved POC exploit based on the reported C...
Splunk "edit_user" Capability Privilege Escalation
A low-privileged user who holds a role that has the "edit_user" capability assigned to it can escalate their privileges to that of the admin user by providing a specially crafted web request. This is because the "edit_user" capability does not honor the "grantableRoles" setting in the authorize.con...
Splunk 9.0.5 - admin account take over
#!/usr/bin/env python3 Exploit Title: Splunk 9.0.5 - admin account take over Author: Redway Security Discovery: Santiago Lopez CVE: CVE-2023-32707 Vendor Description: A low-privilege user who holds a role that has the edit_user capability assigned to it can escalate their privileges to that of the...
Splunk Enterprise Account Takeover Exploit
Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14 allow low-privileged users who hold a role with the edit_user capability assigned to it to escalate their privileges to that of the admin user by providing specially crafted web requests...
Splunk Enterprise Account Takeover
https://github.com/redwaysecurity/CVEs/blob/main/CVE-2023-32707/README.md #!/usr/bin/env python3 Splunk admin account take over exploit - CVE-2023-32707 Author: Redway Security Discovery: Santiago Lopez Vendor Description: A low-privilege user who holds a role that has the edit_user capability...
CVE-2023-32707
In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted w...