182 matches found
EUVD-2025-209895
A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remo...
CVE-2026-41085
Thermo Fisher Scientific Torrent Suite Dx through 5.14.2 has a privilege escalation vulnerability that may allow an authenticated user with limited access privileges to gain unauthorized administrator-level privileges through exploitation of specific system interfaces...
CVE-2026-41085
Thermo Fisher Scientific Torrent Suite Dx through 5.14.2 has a privilege escalation vulnerability that may allow an authenticated user with limited access privileges to gain unauthorized administrator-level privileges through exploitation of specific system interfaces...
Subnet Solutions PowerSYSTEM Center 安全漏洞
Subnet Solutions PowerSYSTEM Center is a power solution offered by Subnet Solutions Corporation. There is a security vulnerability present in Subnet Solutions PowerSYSTEM Center, which allows authenticated users with limited privileges to perform unauthorized project group deletions...
CVE-2026-25908
Affected product: Dell Alienware Command Center (AWCC). Versions prior to 6.13.8.0 are vulnerable to an Execution with Unnecessary Privileges flaw that can allow a local, low-privilege attacker to achieve Elevation of Privileges. Several connected sources corroborate the issue and reference the D...
CVE-2026-33461
Kibana Fleet contains an Incorrect Authorization (CWE-863) flaw that allows a user with limited Fleet privileges to call an internal API endpoint and obtain full configuration objects, bypassing authorization checks in the dedicated settings APIs. The endpoint assembles a response by fetching com...
CVE-2026-33461 Incorrect Authorization in Kibana Fleet Leading to Information Disclosure
Incorrect Authorization CWE-863 in Kibana can lead to information disclosure via Privilege Abuse CAPEC-122. A user with limited Fleet privileges can exploit an internal API endpoint to retrieve sensitive configuration data, including private keys and authentication tokens, that should only be...
EUVD-2026-17115
A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...
CVE-2026-5170
A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...
UBUNTU-CVE-2026-5170
A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...
CVE-2026-5170
A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...
CVE-2026-5170
A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...
CVE-2026-5170
CVE-2026-5170 – summary : MongoDB Server is affected by a vulnerability where a user with limited privileges can cause a mongod crash during the window when a cluster is promoted from a replica set to a sharded cluster, resulting in a denial of service on the primary. Affected versions are MongoD...
MongoDB Server -- CWE-617: Reachable Assertion
https://jira.mongodb.org/browse/SERVER-101758 reports: A user with access to the cluster with a limited set of privilege actions can trigger a crash of amongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may...
CVE-2025-41710
CVE-2025-41710 describes an unauthenticated remote access issue where an attacker may use hard-coded credentials to reach a previously activated FTP server with limited read/write privileges. The CVSSv3.1 base score is 6.5 (Medium) with network attack vector, low attack complexity, and no user in...
CVE-2025-41710 Use of Hard-coded Credentials in power analyzer
An unauthenticated remote attacker may use hardcodes credentials to get access to the previously activated FTP Server with limited read and write privileges...
CVE-2025-41710 Use of Hard-coded Credentials in power analyzer
An unauthenticated remote attacker may use hardcodes credentials to get access to the previously activated FTP Server with limited read and write privileges...
CVE-2026-1747
GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packag...
UBUNTU-CVE-2026-1747
GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packag...
PT-2026-7258
Name of the Vulnerable Software and Affected Versions SINEC NMS versions prior to 4.0 SP2 Description The application allows unauthorized modification of a configuration file by a user with limited privileges. This could enable an attacker to load malicious DLLs, potentially resulting in arbitrar...