7 matches found
CVE-2026-58165 OpenZiti - Privilege Escalation to Admin via Unauthorized Enrollment Creation
OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege escalation vulnerability that allows authenticated non-admin identities with fine-grained enrollment management permissions to create enrollments for any identity, including the default administrator, because the ApplyCreate...
EUVD-2026-38451
FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged /api/system/ endpoints. Because system resolves to the cron admin identity,...
CVE-2026-27604
FOSSBilling 0.5.4–0.7.x contains an authorization bypass in the API role handling that permits unauthenticated access to privileged /api/system/* endpoints. The issue maps to the system identity (cron admin), allowing admin API methods without credentials, session, or CSRF tokens. Version 0.8.0 i...
CVE-2026-27604
FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged /api/system/ endpoints. Because system resolves to the cron admin identity,...
NexusPHP Cross-Site Scripting Vulnerability (CNVD-2017-32401)
NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A cross-site scripting vulnerability exists in NexusPHP version 1.5. A remote attacker can exploit this vulnerability by sending the 'keyword' parameter to the messages.php file to obtain the...
NexusPHP Cross-Site Scripting Vulnerability (CNVD-2017-30114)
NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A cross-site scripting vulnerability exists in NexusPHP version 1.5.beta5.20120707. A remote attacker can exploit this vulnerability by sending the 'returnto' parameter to the fun.php file durin...
Wireless IP Camera (P2P) WIFICAM Remote Command Execution Vulnerability
Wireless IP Camera P2P WIFICAM is a wireless IP camera. Wireless IP Camera P2P WIFICAM Remote Command Execution Vulnerability A remote command execution vulnerability exists in insetftp.cgi in the FTP Configuration Public Gateway Interface CGI. An attacker can use the ftp administrator identity t...