19 matches found

RedhatCVE
added 2026/01/09 10:44 a.m. | 13 views

CVE-2022-0633

The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site such as subscriber to download the most recent site & database...

CVSS 6.5 | AI score 6.6 | EPSS 0.01358
Exploits: 3 | References: 1

CNVD
added 2025/10/22 12:0 a.m. | 2 views

Oracle Solaris Resource Management Error Vulnerability

Oracle Solaris is a Unix-like operating system developed by Oracle. A file system component vulnerability exists in Oracle Solaris version 11 that stems from a flaw in the system privilege validation mechanism. An attacker could use this vulnerability to cause a complete denial of service sustain...

CVSS 5.5 | AI score 6.8 | EPSS 0.00018
Exploits: 0 | References: 1

Cvelist
added 2025/09/10 12:0 a.m. | 4 views

CVE-2025-50892

The eudskacs.sys driver version 20250328 shipped with EaseUs Todo Backup 1.2.0.1 fails to properly validate privileges for I/O requests IRP_MJ_READ/IRP_MJ_WRITE sent to its device object. This allows a local, low-privileged attacker to perform arbitrary raw disk reads and writes, leading to sensitive...

EPSS 0.00022
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 5:52 a.m. | 2 views

CVE-2023-22428

Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 MR2, vEL8.70 prior to vEL8.70.2185 MR4, vEL8.60 prior to vEL8.60.2347 MR6, vEL8.50 prior to vEL8.50.2831 MR8, vEL8.40 a...

CVSS 7.6 | AI score 7 | EPSS 0.00049
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 5:23 p.m. | 2 views

CVE-2020-11464

An issue was discovered in Deskpro before 2019.8.0. The /api/people endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve sensitive information about all users registered on the system. This includes their full name, privilege, email address, phone number, etc...

CVSS 6.5 | AI score 5.6 | EPSS 0.0033
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 4:10 p.m. | 6 views

CVE-2020-11463

An issue was discovered in Deskpro before 2019.8.0. The /api/emailaccounts endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve cleartext credentials of all helpdesk email accounts, including incoming and outgoing email credentials. This enables an attacker to...

CVSS 7.5 | AI score 7.1 | EPSS 0.00425
Exploits: 1 | References: 1

CNNVD
added 2025/05/15 12:0 a.m. | 4 views

Mattermost Security Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a privilege issue vulnerability that stems from insufficient privilege validation, which can be exploited by an attacker to view group information via an API request...

CVSS 4.3 | AI score 6.2 | EPSS 0.0017
Exploits: 0 | References: 2

CNNVD
added 2025/05/15 12:0 a.m. | 1 views

Mattermost Security Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a privilege issue vulnerability that stems from insufficient privilege validation, which can be exploited by an attacker to add guest users via the API...

CVSS 4.3 | AI score 6.8 | EPSS 0.00188
Exploits: 0 | References: 1

CNVD
added 2024/09/11 12:0 a.m. | 1 views

Huawei HarmonyOS and EMUI Privilege Authentication Vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel. Huawei EMUI is an emotional operating system developed by Huawei based on Android. Huawei HarmonyOS and EMUI suffer from a privilege...

CVSS 7.5 | AI score 6.8 | EPSS 0.00051
Exploits: 0 | References: 1

CNNVD
added 2023/12/21 12:0 a.m. | 2 views

Devolutions Remote Desktop Manager Security Vulnerability

Devolutions Remote Desktop Manager is an application from Devolutions Canada. It provides remote desktop management functionality. A security vulnerability exists in Devolutions Remote Desktop Manager version 2023.3.31 and earlier, which stems from insufficient privilege validation, and could all...

CVSS 4.4 | AI score 6.9 | EPSS 0.00065
Exploits: 0 | References: 2

CNNVD
added 2023/03/01 12:0 a.m. | 1 views

AMD Ryzen Security Vulnerability

AMD Ryzen is a central processing unit (CPU) from Ultraviolet Semiconductor AMD. AMD Ryzen Master suffers from a security vulnerability that stems from insufficient privilege validation, which can be exploited by an attacker to modify files in a way that could lead to elevation of privilege and cod...

CVSS 7.8 | AI score 7.6 | EPSS 0.00104
Exploits: 0 | References: 2

CNNVD
added 2022/05/23 12:0 a.m. | 1 views

JFrog Artifactory Security Vulnerability

JFrog Artifactory is an open source, general-purpose artifact repository manager from Israel's JFrog that supports clustering and high-availability Docker registries, and provides an end-to-end solution for tracking artifact automation from development to production. A security vulnerabilit...

CVSS 6.5 | AI score 6.5 | EPSS 0.0018
Exploits: 0 | References: 2

OSV
added 2022/02/17 7:15 p.m. | 3 views

CVE-2022-0633

The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site such as subscriber to download the most recent site & database...

CVSS 6.5 | AI score 5.6 | EPSS 0.01358
Exploits: 3 | References: 4

ATTACKERKB
added 2022/02/17 7:15 p.m. | 3 views

CVE-2022-0633

The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site such as subscriber to download the most recent site & database...

CVSS 6.5 | AI score 6.8 | EPSS 0.01358
Exploits: 3 | References: 5 | Affected Software: 2

CNNVD
added 2022/01/12 12:0 a.m. | 2 views

Cisco Unified Contact Center Management Portal and Cisco Unified Contact Center Domain Manager Security Vulnerability

Cisco Unified Contact Center Management Portal and Cisco Unified Contact Center Domain Manager are both products of Cisco Corporation. Management Portal is an intuitive and secure Web-based application that allows supervisors and managers to meet the complex and changing demands of the contact...

CVSS 9.6 | AI score 8.6 | EPSS 0.00264
Exploits: 0 | References: 4

OSV
added 2021/11/18 7:15 p.m. | 1 views

CVE-2021-23193

Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 MR3 ; 8.40...

CVSS 6.5 | AI score 5.8 | EPSS 0.0018
Exploits: 0 | References: 1

OSV
added 2020/04/01 9:15 p.m. | 1 views

CVE-2020-11466

An issue was discovered in Deskpro before 2019.8.0. The /api/tickets endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve arbitrary information about all helpdesk tickets stored in database with numerous filters. This leaked sensitive information to unauthoriz...

CVSS 4.3 | AI score 6.8
Exploits: 0 | References: 3

OSV
added 2019/03/28 1:29 a.m. | 3 views

CVE-2019-1754

A vulnerability in the authorization subsystem of Cisco IOS XE Software could allow an authenticated but unprivileged level 1, remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to improper validation of user privileges of web UI users. An attacker...

CVSS 8.8 | AI score 6.1 | EPSS 0.0055
Exploits: 0 | References: 2

CNVD
added 2018/11/02 12:0 a.m. | 2 views

Nextcloud Server Privilege Authentication Vulnerability (CNVD-2019-18774)

Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform. Nextcloud Server is its server version. A privilege validation vulnerability exists in versions of Nextcloud Server prior to 14.0.0 that can be exploited by an attacker to bypa...

CVSS 5.3 | AI score 6.9 | EPSS 0.00149
Exploits: 0 | References: 1