91 matches found
CVE-2026-22313 OS Commands Executed with Administrative Permissions in Radiflow iSAP Smart Collector
The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying...
CVE-2026-48136
When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permission...
CVE-2026-26289
CVE-2026-26289 affects PowerSYSTEM Center: the REST API endpoint used for device account export has incorrect authorization, permitting an authenticated user with limited permissions to access data normally restricted to administrators. The issue exposes sensitive information and is backed by hig...
PT-2026-40435
PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only...
EUVD-2026-22659
October CMS has Stored XSS in Backend Editor Markup Classes...
CVE-2026-33915
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, five insurance company REST API routes are missing the RestConfig::requestauthorizationcheck call that every other data-modifying route in the standard API uses. This...
Command Injection
Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Command Injection in the community package installation functionality. An attacker can execute arbitrary system commands by supplying crafted input as an authenticated user with administrative...
CVE-2026-21893 n8n Vulnerable to Command Injection in Community Package Installation
n8n is an open source workflow automation platform. From version 0.187.0 to before 1.120.3, a command injection vulnerability was identified in n8n’s community package installation functionality. The issue allowed authenticated users with administrative permissions to execute arbitrary system...
CVE-2025-62004
BullWall Server Intrusion Protection SIP services are initialized after login services during system startup. A local, authenticated attacker can log in after boot and before SIP MFA is running. The SIP services do not retroactively enforce MFA or disconnect sessions that were not subject to SIP...
EUVD-2025-198305
SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with usermanageteam role are allowed to modify permissions of users. However, they are able to assign administrative permissions to any user including themselves. This allow a malicious authenticated attacker with this...
CVE-2025-62730 Privilege Escalation via Incorrect Authorization in SOPlanning
SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with usermanageteam role are allowed to modify permissions of users. However, they are able to assign administrative permissions to any user including themselves. This allow a malicious authenticated attacker with this...
EUVD-2017-11826
Malware in sbrugna...
EUVD-2019-9493
Malware in sbrugna...
EUVD-2020-21408
Malware in sbrugna...
EUVD-2018-6671
Malware in sbrugna...
EUVD-2016-7046
Malware in sbrugna...
EUVD-2025-20794
Malicious code in bioql PyPI...
EUVD-2021-34004
Malicious code in bioql PyPI...
EUVD-2025-22954
Malicious code in bioql PyPI...
EUVD-2022-35436
Malicious code in bioql PyPI...