36 matches found
CVE-2026-4286
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to check if teamid was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members restriction via PUT api. Mattermost Advisory ID:...
CVE-2026-40914
CVE-2026-40914 describes a vulnerability in Apache Artemis (and Apache ActiveMQ Artemis) where a STOMP-authenticated user with either consume or send permission on an address can augment the address routing-type without having createAddress permission for that address. This allows sending or cons...
UBUNTU-CVE-2026-46150
In the Linux kernel, the following vulnerability has been resolved: fanotify: fix false positive on permission events fsnotifygetmarksafe may return false for a mark on an unrelated group, which results in bypassing the permission check. Fix by skipping over detached marks that are not in the...
EUVD-2026-31221
Mattermost versions 11.5.x = 11.5.1 fail to validate team-level runcreate permission against the target team when creating a playbook run which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API request...
EUVD-2026-11127
The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. This is due to the storesettings method in the ExactMetricsOnboarding class accepting a user-supplied triggeredby parameter that is used instead of...
EUVD-2021-13092
Malware in sbrugna...
EUVD-2019-18752
Malware in sbrugna...
EUVD-2022-41553
Malicious code in bioql PyPI...
CVE-2023-52972
Huawei PCs have a vulnerability that allows low-privilege users to bypass SDDL permission checks . Successful exploitation this vulnerability could lead to termination of some system processes...
vivo Permission manager module 安全漏洞
The vivo Permission manager module is a cell phone permission management module from the Chinese company Vivo. A security vulnerability exists in vivo Permission manager module, which originates from a locally installed application that can bypass permission checking and perform system operations...
CVE-2024-11672
CVE-2024-11672 affects Devolutions Remote Desktop Manager, with incorrect authorization in the Add permission component prior to 2024.2.22 on Windows. An authenticated user could bypass the Add permission via the vault import feature, exposing integrity (LOW) but not confidentiality/availability ...
SAP NetWeaver Application Server 安全漏洞
SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server. An unauthenticated attacker could exploit the vulnerability to craft URL links that bypass the permission list control...
CVE-2024-31332
In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-6354
CVE-2024-6354 affects Devolutions Remote Desktop Manager (Windows) 2024.2.11 and earlier. The issue is an improper access control in the PAM dashboard that allows an authenticated user to bypass the execute permission via the PAM dashboard. The vulnerability is reported with a high impact (C/H, I...
BIT-REDMINE-2021-31864
Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the addissuenotes permission requirement by leveraging the incoming mail handler...
SUSE-SU-2024:0289-1 Security update for slurm_23_02
This update for slurm2302 fixes the following issues: Update to slurm 23.02.6: Security fixes: - CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. bsc1218046 - CVE-2023-49935: Prevent message hash bypass in slurmd which can allow an attacker to reuse root-level...
PT-2023-18117 · Unknown · Permission Manager
Name of the Vulnerable Software and Affected Versions: Permission Manager affected versions not specified Description: In Permission Manager, there is a possible way to bypass required permissions due to a missing permission check. This could lead to local escalation of privilege with no addition...
Internet Bug Bounty: CVE-2023-42663: Apache Airflow: Bypass permission verification to view task instances of other dags
In Apache Airflow versions before 2.7.2, a vulnerability existed that allowed authorized users with access to read specific DAGs to view task instance information from other DAGs by bypassing permission verification. Upgrading to Apache Airflow version 2.7.2 or newer addressed this issue...
CVE-2023-32558
The use of the deprecated API process.binding can bypass the permission model through path traversal. This vulnerability affects all users using the experimental permission model in Node.js 20.x. Please note that at the time this CVE was issued, the permission model is an experimental feature of...
CVE-2023-30586
A vulnerability has been identified in the Node.js 20, allows loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model...