14 matches found
CVE-2026-27012
OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group idgruppo by directly calling...
OpenSTAManager affected by unauthenticated privilege escalation via modules/utenti/actions.php
Summary A privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group idgruppo by directly calling modules/utenti/actions.php. This can promote an existing account e.g. agent into the Amministratori group as well as demot...
CVE-2025-43904
In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator...
CVE-2025-43904
In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator...
SUSE SLES15: libnss_slurm2 / libpmi0 / libslurm36 / perl-slurm / slurm / etc (SUSE-SU-2025:02779-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:02779-1 advisory. - CVE-2025-43904: an issue with permission handling for Coordinators within the accounting system allowed Coordinators to promote a user to...
CVE-2025-11620 Multiple Roles per User <= 1.0 - Missing Authorization to Authenticated (Custom+) Privilege Escalation
The Multiple Roles per User plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mrpuaddmultiplerolesui' and 'mrpusavemultipleuserroles' functions in all versions up to, and including, 1.0. This makes it possible for authenticated...
EUVD-2025-197949
The Multiple Roles per User plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mrpuaddmultiplerolesui' and 'mrpusavemultipleuserroles' functions in all versions up to, and including, 1.0. This makes it possible for authenticated...
SUSE SLES12 Security Update : slurm_22_05 (SUSE-SU-2025:01755-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01755-1 advisory. - CVE-2025-43904: an issue with permission handling for Coordinators within the accounting system allowed Coordinators to promote a user to...
SUSE SLES12 Security Update : slurm_23_02 (SUSE-SU-2025:01752-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01752-1 advisory. - CVE-2025-43904: an issue with permission handling for Coordinators within the accounting system allowed Coordinators to promote a user to...
Security update for slurm_24_11
This update for slurm2411 fixes the following issues: Update to version 24.11.5. Security issues fixed: CVE-2025-43904: an issue with permission handling for Coordinators within the accounting system allowed Coordinators to promote a user to Administrator bsc1243666. Other changes and issues fixe...
SUSE-SU-2025:01760-1 Security update for slurm
This update for slurm fixes the following issues: - CVE-2025-43904: an issue with permission handling for Coordinators within the accounting system allowed Coordinators to promote a user to Administrator bsc1243666...
Security update for slurm
This update for slurm fixes the following issues: CVE-2025-43904: an issue with permission handling for Coordinators within the accounting system allowed Coordinators to promote a user to Administrator bsc1243666. Patch Instructions: To install this SUSE update use the SUSE recommended installati...
Security update for slurm
This update for slurm fixes the following issues: Update to version 24.11.5. Security issues fixed: CVE-2025-43904: an issue with permission handling for Coordinators within the accounting system allowed Coordinators to promote a user to Administrator bsc1243666. Other changes and issues fixed:...
Cross site request forgery (csrf)
yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions 1.9.0 do not protect the API and login flow against Cross-Site Request Forgery CSRF. Attackers can use this to execute CSRF attacks on victims, allowing them to retrieve, modify or delete data on the...