19 matches found

RedhatCVE
added yesterday · 3 views

CVE-2026-34390

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior have a Privilege Escalation vulnerability where insufficient access control checks in ProjectUsersAddCommand manageprojuseradd.php allow users having manageprojectthreshold access level (manager by default) to...

5.1 CVSS · 5.4 AI score · 0.00015 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2026/05/19 9:54 p.m. · 6 views

CVE-2026-34390

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior have a Privilege Escalation vulnerability where insufficient access control checks in ProjectUsersAddCommand manageprojuseradd.php allow users having manageprojectthreshold access level (manager by default) to...

5.1 CVSS · 5.8 AI score · 0.00015 EPSS
Exploits 0 · References 5 · Affected Software 1

Positive Technologies
added 2026/05/13 12:0 a.m. · 6 views

PT-2026-40669

Name of the Vulnerable Software and Affected Versions: BIG-IP versions prior to 17.1.3.2; BIG-IP versions prior to 17.5.1.6; BIG-IP versions prior to 21.0.0.2; BIG-IQ versions prior to 17.1.3.2; BIG-IQ versions prior to 17.5.1.6; BIG-IQ versions prior to 21.0.0.2. Description: A highly privileged,...

8.7 CVSS · 6 AI score · 0.00036 EPSS
Exploits 0 · References 3

Github Security Blog
added 2026/05/11 7:32 p.m. · 3 views

MantisBT Vulnerable to Privilege Escalation from Manager to Administrator

Insufficient access control checks in ProjectUsersAddCommand used in manageprojuseradd.php and REST API endpoint PUT /project/id/users allows users having manageprojectthreshold access level (manager by default) to grant project-level administrator access to any user including themselves in any...

5.1 CVSS · 5.9 AI score · 0.00015 EPSS
Exploits 0 · References 6 · Affected Software 1

Cvelist
added 2026/05/07 6:50 p.m. · 27 views

CVE-2026-43510 CISA manage.get.gov insecure portfolio administrative privileges

manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30...

7.6 CVSS · 0.00022 EPSS
Exploits 0 · References 6

ICS
added 2026/05/07 12:0 a.m. · 4 views

CISA manage.get.gov incorrect portfolio administrator privileges

RISK EVALUATION manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. 2. RECOMMENDED PRACTICES Fixed in 1.176.0 on or around 2026-04-30. 3. DESCRIPTION...

7.6 CVSS · 5.8 AI score · 0.00022 EPSS
Exploits 0 · References 1

CNNVD
added 2026/05/07 12:0 a.m. · 5 views

get.gov security vulnerability

get.gov is an open-source domain registration management tool provided by the Cybersecurity and Infrastructure Security Agency of the United States of America. There is a security vulnerability in get.gov; this vulnerability stems from the ability for organizational administrators to assign domai...

7.6 CVSS · 5.8 AI score · 0.00022 EPSS
Exploits 0 · References 1

OSV
added 2025/12/11 7:16 a.m. · 3 views

CVE-2025-67738

squid/cachemgr.cgi in Webmin before 2.600 does not properly quote arguments. This is relevant if Webmin's Squid module and its Cache Manager feature are available, and an untrusted party is able to authenticate to Webmin and has certain Cache Manager permissions the "cms" security option...

8.5 CVSS · 6.8 AI score · 0.00036 EPSS
Exploits 0 · References 3

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2016-0414

Malware in sbrugna...

3.5 CVSS · 4.2 AI score · 0.0032 EPSS
Exploits 0 · References 3

Positive Technologies
added 2023/05/02 12:0 a.m. · 4 views

PT-2023-20720 · European Chemicals Agency · Iuclid

Name of the Vulnerable Software and Affected Versions: European Chemicals Agency IUCLID versions prior to 6.27.6 Description: The issue allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. The attacker must have template...

8.8 CVSS · 8.1 AI score · 0.0549 EPSS
Exploits 0 · References 6

Github Security Blog
added 2022/05/13 1:43 a.m. · 17 views

TeamPass Improper Privilege Management

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user (including admin), or modify attributes of any arbitrary user (except administrator). To exploit the vulnerability, an...

4.9 CVSS · 6.8 AI score · 0.00236 EPSS
Exploits 1 · References 4 · Affected Software 1

OSV
added 2022/05/13 1:43 a.m. · 10 views

GHSA-5QR3-4839-88GF TeamPass Improper Privilege Management

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user (including admin), or modify attributes of any arbitrary user (except administrator). To exploit the vulnerability, an...

4.9 CVSS · 5.4 AI score · 0.00236 EPSS
Exploits 1 · References 4

NVD
added 2017/11/27 7:29 p.m. · 11 views

CVE-2017-15053

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary roles within the application, or delete any arbitrary role. To exploit the vulnerability, an authenticated attacker must have...

4.9 CVSS · 5.1 AI score · 0.00236 EPSS
Exploits 1 · References 2

Prion
added 2017/11/27 7:29 p.m. · 10 views

Improper access control

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user (including admin), or modify attributes of any arbitrary user (except administrator). To exploit the vulnerability, an...

4 CVSS · 5.1 AI score · 0.00236 EPSS
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2017/11/27 7:0 p.m. · 13 views

CVE-2017-15052

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user (including admin), or modify attributes of any arbitrary user (except administrator). To exploit the vulnerability, an...

5.5 AI score · 0.00236 EPSS
Exploits 1 · References 2

CVE
added 2017/11/27 7:0 p.m. · 62 views

CVE-2017-15053

TeamPass

4.9 CVSS · 5.3 AI score · 0.00236 EPSS
Exploits 1 · References 2 · Affected Software 1

OpenVAS
added 2016/09/29 12:0 a.m. · 22 views

IBM WebSphere MQ Denial of Service Vulnerability (Sep 2016)

IBM WebSphere MQ is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

3.5 CVSS · 4.3 AI score · 0.0032 EPSS
Exploits 0 · References 2

Prion
added 2016/09/26 4:59 a.m. · 14 views

Authentication flaw

IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles protocol flows, which allows remote authenticated users to cause a denial of service (channel outage) by leveraging queue-manager rights...

3.5 CVSS · 6.6 AI score · 0.0032 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2016/09/26 1:0 a.m. · 20 views

CVE-2016-0379

IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles protocol flows, which allows remote authenticated users to cause a denial of service (channel outage) by leveraging queue-manager rights...

3.6 AI score · 0.0032 EPSS
Exploits 0 · References 2