6 matches found
CVE-2026-47190
A flaw was found in the Cluster API Provider Metal3 IP Address Manager (IPAM) controller. The controller's ClusterRole granted excessive permissions, allowing full create, read, update, and delete (CRUD) access to core/v1 Secrets. If the controller pod were compromised, an attacker could leverage the...
EUVD-2025-199894
Kiteworks is a private data network (PDN). Prior to version 9.1.0, improper input validation when managing roles of a shared folder could unexpectedly elevate another user's permissions on the share. This issue has been patched in version 9.1.0...
EUVD-2023-40445
Malicious code in bioql PyPI...
CVE-2022-23922
CVE-2022-23922 affects WIN-911 2021 R1 (up to 5.21.10) and R2 (up to 5.21.17). Description: a permissions misconfiguration allows a local attacker to write files to the Program Announcer directory and escalate privileges when the program runs. Connected docs corroborate affected product/versions ...
CVE-2021-35946
In ownCloud versions before 10.8, a receiver of a federated share with access to the database could update the permissions and therefore elevate their own permissions...
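Mozilla Firefox Forced URL Drag-and-Drop Privilege Escalation Vulnerability
CVECAN ID: CVE-2010-0178 Firefox is a popular open-source web browser. A browser applet may incorrectly interpret a single mouse click as a drag-and-drop action, which can cause resources to be loaded unexpectedly in the user's browser. An attacker can exploit this behavior twice in succession, first loading a privileged chrome: URL in the user's browser and then loading a malicious javascript: URL on top of the same document, resulting in arbitrary script execution with chrome privileges. Mozilla Firefox 3.6, Mozilla Firefox 3.5.x, Mozilla Firefox 3.0.x, Mozilla SeaMonkey 2.0.4. Patch installation method: 1. Manually install the patch...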