43 matches found
CVE-2026-1213
All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users. This issue affects askbot: 0.12.2...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004074)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004074 advisory. An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpcrdma.c in the Linux Kernel. This flaw allows an attacker with normal user privilege...
EUVD-2025-60983
Due to information disclosure vulnerability in anonymous API provided by SAP Business One SLD, an attacker with normal user access could gain access to unauthorized information. As a result, it has a low impact on the confidentiality of the application but no impact on the integrity and...
CVE-2025-42897
Due to information disclosure vulnerability in anonymous API provided by SAP Business One SLD, an attacker with normal user access could gain access to unauthorized information. As a result, it has a low impact on the confidentiality of the application but no impact on the integrity and...
EUVD-2019-7998
Malware in sbrugna...
CVE-2020-25245
A vulnerability has been identified in DIGSI 4 All versions V4.94 SP1 HF 1. Several folders in the %PATH% are writeable by normal users. As these folders are included in the search for dlls, an attacker could place dlls there with code executed by SYSTEM...
CVE-2025-32796
Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal users are not permitted to make such changes...
CVE-2025-43947
Codemers KLIMS 1.6.DEV lacks a proper access control mechanism, allowing a normal KLIMS user to perform all the actions that an admin can perform, such as modifying the configuration, creating a user, uploading files, etc...
PT-2024-5718 · Apache · Apache Cloudstack
Name of the Vulnerable Software and Affected Versions: Apache CloudStack version 4.19.1.0 Description: The issue is related to a regression in the network listing API, allowing unauthorized list access of network details for domain admin and normal user accounts. This compromises tenant isolation...
CVE-2024-31868 Apache Zeppelin: XSS vulnerability in the helium module
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. Attackers can modify helium.json and expose normal users to XSS attacks. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue...
CVE-2023-30602 Hitron Technologies Inc. CODA-5310 - Insecure service Telnet
Hitron Technologies CODA-5310’s Telnet function transfers sensitive data in plaintext. An unauthenticated remote attacker can exploit this vulnerability to access credentials of normal users and administrator...
Dahua software products Code Problem Vulnerability
Dahua software products are a family of applications from the Chinese company Dahua. A security vulnerability exists in a number of Dahua software products, which stems from an unrestricted file upload that allows an attacker to upload arbitrary files by sending a specific, carefully crafted...
CVE-2022-25048
Command injection vulnerability in CWP v0.9.8.1126 that allows normal users to run commands as the root user...
Command injection
Command injection vulnerability in CWP v0.9.8.1126 that allows normal users to run commands as the root user...
Enterprise Endpoint Security Code Problem Vulnerability
Check Point Enterprise Endpoint Security is an advanced protection focused on traditional endpoints and modern mobile devices from Check Point Israel. A security vulnerability exists in Enterprise Endpoint Security E86.20 Windows Clients that originates from a user having access to the directory...
ZTE Big Video Analysis Product Permission and Access Control Problem Vulnerability
An elevation of privilege vulnerability exists in ZTE Big Video Analysis Product, a large video analytics product from ZTE Corporation China, which stems from an attacker with normal user privileges gaining unauthorized access to ZTE Big Video Analysis Product due to improper management of timed...
minio -- policy restriction issue
minio developers report: Looks like policy restriction was not working properly for normal users when they are not svc or STS accounts. svc accounts are now properly fixed to get right permissions when it's inherited, so we do not have to set 'owner = true'. sts accounts have always been using righ...
Sourcegraph Information Disclosure Vulnerability
Sourcegraph is an open source code search and navigation tool from Sourcegraph, Inc. in the United States. Sourcegraph suffers from a security vulnerability that stems from the fact that the site administration area can be accessed by a normal user, with all information and functionality properly...