3977 matches found
UliCMS 安全漏洞
UliCMS is a content management system CMS open source by UliCMS. The system supports features such as access control and WYSIWYG editing. A security vulnerability exists in UliCMS version 2023.1, which stems from an improper bulk assignment in UserController that could lead to authentication bypa...
PT-2025-51952
Name of the Vulnerable Software and Affected Versions UliCMS version 2023.1 Description An authentication bypass allows unauthenticated attackers to create administrative users. This is possible through mass assignment in the UserController by sending a crafted POST request to the ''index.php''...
Incorrect Privilege Assignment
Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment via the processing of ArgoCD Custom Resources. A namespace admin can gain elevated privileges and execute arbitrary workloads with root access on master nodes by crafting malicious custom resources after...
EUVD-2025-203232
The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing authorization checks on the SubmitCatProductRequest AJAX action. This makes it possible for unauthenticated attackers to create arbitrary...
AZL-71420 CVE-2025-40251 affecting package kernel for versions less than 6.6.119.3-1
In the Linux kernel, the following vulnerability has been resolved: devlink: rate: Unset parent pointer in devlratenodesdestroy The function devlratenodesdestroy is documented to "Unset parent for all rate objects". However, it was only calling the driver-specific rateleafparentset or...
CVE-2025-40231 vsock: fix lock inversion in vsock_assign_transport()
In the Linux kernel, the following vulnerability has been resolved: vsock: fix lock inversion in vsockassigntransport Syzbot reported a potential lock inversion deadlock between vsockregistermutex and sklock-AFVSOCK when vsocklinger is called. The issue was introduced by commit 687aa0c5581b "vsoc...
Insecure Direct Object Reference (IDOR)
com.liferay.portal, com.liferay.portal.impl is vulnerable to an Insecure Direct Object Reference IDOR. The vulnerability is due to improper access control on the comliferayusersadminwebportletUsersAdminPortletaddUserIds parameter, which allows an attacker to assign an organization to a user acros...
Physical ID-Transfer Attacks against Multi-Object Tracking Via Adversarial Trajectory
Multi-Object Tracking MOT is a critical task in computer vision, with applications ranging from surveillance systems to autonomous driving. However, threats to MOT algorithms have yet been widely studied. In particular, incorrect association between the tracked objects and their assigned IDs can...
PT-2025-48210
Name of the Vulnerable Software and Affected Versions VIPRE Advanced Security for PC affected versions not specified Description A local attacker can gain higher-level access on systems running VIPRE Advanced Security for PC. To exploit this, an attacker must first be able to run code with limite...
GO-2025-4153 Grafana Incorrect Privilege Assignment vulnerability in github.com/grafana/grafana
Grafana Incorrect Privilege Assignment vulnerability in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...
ROS-20251125-06
A vulnerability in the Moodle virtual learning environment is related to the disclosure of hidden group names to users, who have permission to create events in the calendar. Exploitation of the vulnerability could allow an attacker, acting remotely, to gain unauthorized access to protected...
Linux Distros Unpatched Vulnerability : CVE-2025-62401
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in Moodle's timed assignment feature allowed students to bypass the time restriction, potentially giving them more time than allowed to complete an...
SOPlanning 安全漏洞
SOPlanning is a suite of online project management software from SOPlanning, Inc. A security vulnerability exists in SOPlanning versions prior to 1.55 that stems from an improper assignment of privileges in the User Management tab, which could result in elevated privileges...
GO-2025-4125 Observability Operator is vulnerable to Incorrect Privilege Assignment through its Custom Resource MonitorStack in github.com/rhobs/observability-operator
Observability Operator is vulnerable to Incorrect Privilege Assignment through its Custom Resource MonitorStack in github.com/rhobs/observability-operator...
CVE-2025-64307
The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes...
CVE-2025-6325
Incorrect Privilege Assignment vulnerability in KingAddons.com King Addons for Elementor king-addons allows Privilege Escalation.This issue affects King Addons for Elementor: from n/a through = 51.1.36...
CVE-2025-60195
Incorrect Privilege Assignment vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Privilege Escalation.This issue affects Atarim: from n/a through = 4.2.1...
CVE-2025-60243
Incorrect Privilege Assignment vulnerability in Holest Engineering Selling Commander for WooCommerce selling-commander-connector allows Privilege Escalation.This issue affects Selling Commander for WooCommerce: from n/a through = 1.2.46...
CVE-2025-62034
Incorrect Privilege Assignment vulnerability in uxper Togo togo.This issue affects Togo: from n/a through 1.0.4...
CVE-2025-49900
Incorrect Privilege Assignment vulnerability in bPlugins Advanced scrollbar advanced-scrollbar allows Privilege Escalation.This issue affects Advanced scrollbar: from n/a through = 1.1.8...