Lucene search
K

14 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/03 9:53 p.m.4 views

CVE-2026-27012

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group idgruppo by directly calling...

9.8CVSS6AI score0.00537EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 5:43 p.m.10 views

OpenSTAManager affected by unauthenticated privilege escalation via modules/utenti/actions.php

Summary A privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group idgruppo by directly calling modules/utenti/actions.php. This can promote an existing account e.g. agent into the Amministratori group as well as demot...

9.8CVSS6AI score0.00537EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/16 12:0 a.m.5 views

CVE-2025-43904

In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator...

4.2CVSS5.4AI score0.00244EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/16 12:0 a.m.2 views

CVE-2025-43904

In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator...

4.2CVSS5.3AI score0.00244EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/12/15 12:0 a.m.7 views

SUSE SLES15: libnss_slurm2 / libpmi0 / libslurm36 / perl-slurm / slurm / etc (SUSE-SU-2025:02779-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:02779-1 advisory. - CVE-2025-43904: an issue with permission handling for Coordinators within the accounting system allowed Coordinators to promote a user to...

4.2CVSS5.8AI score0.00244EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/18 8:27 a.m.7 views

CVE-2025-11620 Multiple Roles per User <= 1.0 - Missing Authorization to Authenticated (Custom+) Privilege Escalation

The Multiple Roles per User plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mrpuaddmultiplerolesui' and 'mrpusavemultipleuserroles' functions in all versions up to, and including, 1.0. This makes it possible for authenticated...

7.2CVSS0.00315EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/18 8:27 a.m.5 views

EUVD-2025-197949

The Multiple Roles per User plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mrpuaddmultiplerolesui' and 'mrpusavemultipleuserroles' functions in all versions up to, and including, 1.0. This makes it possible for authenticated...

7.2CVSS4.7AI score0.00315EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/05/30 12:0 a.m.4 views

SUSE SLES12 Security Update : slurm_22_05 (SUSE-SU-2025:01755-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01755-1 advisory. - CVE-2025-43904: an issue with permission handling for Coordinators within the accounting system allowed Coordinators to promote a user to...

4.2CVSS5.5AI score0.00244EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/05/30 12:0 a.m.15 views

SUSE SLES12 Security Update : slurm_23_02 (SUSE-SU-2025:01752-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01752-1 advisory. - CVE-2025-43904: an issue with permission handling for Coordinators within the accounting system allowed Coordinators to promote a user to...

4.2CVSS5.5AI score0.00244EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2025/05/29 4:8 p.m.5 views

Security update for slurm_24_11

This update for slurm2411 fixes the following issues: Update to version 24.11.5. Security issues fixed: CVE-2025-43904: an issue with permission handling for Coordinators within the accounting system allowed Coordinators to promote a user to Administrator bsc1243666. Other changes and issues fixe...

8.5CVSS6.8AI score0.00244EPSS
Exploits0References4
OSV
OSV
added 2025/05/29 2:54 p.m.4 views

SUSE-SU-2025:01760-1 Security update for slurm

This update for slurm fixes the following issues: - CVE-2025-43904: an issue with permission handling for Coordinators within the accounting system allowed Coordinators to promote a user to Administrator bsc1243666...

4.2CVSS7AI score0.00244EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2025/05/29 2:54 p.m.4 views

Security update for slurm

This update for slurm fixes the following issues: CVE-2025-43904: an issue with permission handling for Coordinators within the accounting system allowed Coordinators to promote a user to Administrator bsc1243666. Patch Instructions: To install this SUSE update use the SUSE recommended installati...

8.5CVSS6.5AI score0.00244EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2025/05/29 12:53 p.m.2 views

Security update for slurm

This update for slurm fixes the following issues: Update to version 24.11.5. Security issues fixed: CVE-2025-43904: an issue with permission handling for Coordinators within the accounting system allowed Coordinators to promote a user to Administrator bsc1243666. Other changes and issues fixed:...

8.5CVSS7.4AI score0.00244EPSS
Exploits0References4
Prion
Prion
added 2024/03/13 6:15 p.m.12 views

Cross site request forgery (csrf)

yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions 1.9.0 do not protect the API and login flow against Cross-Site Request Forgery CSRF. Attackers can use this to execute CSRF attacks on victims, allowing them to retrieve, modify or delete data on the...

5.8CVSS7.3AI score0.0037EPSS
Exploits1References2
Rows per page
Query Builder