16 matches found
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the HTTP Filestore API endpoints. An attacker can access files from other organizations without explicit permissions by issuing a single authenticated HTTP GET request while holding only minimal read privileg...
CVE-2026-7163
A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) component in the Multicluster Engine (MCE), allows an authenticated user with minimal namespace-scoped privileges to obtain administrative credentials for arbitrary clusters provisioned through the hub...
CVE-2025-68938
A flaw was found in Gitea. An incorrect authorization allows an authenticated user with minimal privileges to delete project releases, causing a loss of availability of project assets and distribution history. Mitigation Mitigation for this issue is either not available or the currently available...
CVE-2025-46296
An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs. This vulnerability has been fully addressed in FileMaker Server 22.0.4...
Exploit for CVE-2025-32579
⚠️ CVE-2025-32579 - Critical RCE via Sync Posts Plugin WordPr...
CVE-2023-0019
In SAP GRC Process Control - versions GRCFNDA V1200, GRCFNDA V8100, GRCPINW V1100700, GRCPINW V1100731, GRCPINW V1200750, remote-enabled function module in the proprietary SAP solution enables an authenticated attacker with minimal privileges to access all the confidential data stored in the...
PT-2023-15951 · Sap · Sap Grc
Name of the Vulnerable Software and Affected Versions: SAP GRC Process Control versions GRCFND A V8100 through GRCFND A V1200 SAP GRC Process Control versions GRCPINW V1100 700 through GRCPINW V1200 750 Description: The issue allows an authenticated attacker with minimal privileges to access all...
CVE-2021-44043
An issue was discovered in UiPath App Studio 21.4.4. There is a persistent XSS vulnerability in the file-upload functionality for uploading icons when attempting to create new Apps. An attacker with minimal privileges in the application can build their own App and upload a malicious file containi...
Hongdian H8922 Path Traversal Vulnerability
The Hongdian H8922 is a router from the Chinese company Hongdian. A path traversal vulnerability exists in the Hongdian H8922 3.0.5 devices. The vulnerability allows remote attackers to download any file from the device with minimal privileges...
CVE-2020-9458
In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users with minimal privileges to export submitted form data and settings via classrmformcontroller.php rmformexport...
Privilege escalation
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users with minimal privileges to import custom vulnerable forms and change form settings via classrmformsettingscontroller.php, resulting in privilege escalation...
CVE-2020-9455
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users with minimal privileges to send arbitrary emails on behalf of the site via classrmuserservices.php sendemailuserview...
WordPress bbPress Members Only Plugin Cross Site Request Forgery Vulnerability
Description The 'bbPress Members Only' Plugin for WordPress is prone to a cross-site request-forgery vulnerability. An attacker can exploit this issue to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. The 'bbPress Members Only'...
PHP PEAR 'Archive_Tar' Multiple Security Vulnerabilities
Description PEAR Archive_Tar is prone to multiple security vulnerabilities. An attacker can exploit these issues to execute arbitrary code in the context of the application, obtain sensitive information, bypass certain security restrictions and perform unauthorized actions. PEAR Archive_Tar version...
Google Android System Component Multiple Security Vulnerabilities
Description Google Android is prone to multiple security vulnerabilities. An attacker can leverage these issues to gain sensitive information, elevate privileges or execute arbitrary code in the context of a privileged process. Failed attacks may cause a denial-of-service condition. These issues...
IBM AIX Multiple Unspecified Security Vulnerabilities
Description It has been reported that multiple security issues exist in the print sub-system of IBM AIX. These issues could lead to an attacker gaining unauthorized access to the host, and potentially elevated privileges. Technologies Affected IBM AIX 4.3.0 IBM AIX 4.3.1 IBM AIX 4.3.2 IBM AIX 4.3...