255434 matches found

EUVD
added 6 days ago | 6 views

EUVD-2026-37060

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and including, 5.5.1. The plugin chains three independent flaws that together allow an authenticated Agent (Agent+) to overwrite a...

CVSS 7.5 | AI score 5.3 | EPSS 0.00349
Exploits: 0 | References: 22

Cvelist
added 6 days ago | 23 views

CVE-2026-8176 LatePoint <= 5.5.1 - Authenticated (Agent+) Privilege Escalation to Administrator via IDOR in OsOrdersController::create_or_update + Unauthenticated Customer-Cabinet Password Reset

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and including, 5.5.1. The plugin chains three independent flaws that together allow an authenticated Agent (Agent+) to overwrite a...

CVSS 7.5 | EPSS 0.00349
Exploits: 0 | References: 22

CVE
added 6 days ago | 8 views

CVE-2026-8176

CVE-2026-8176 affects the LatePoint – Calendar Booking Plugin for WordPress. In versions up to 5.5.1, three independent flaws allow an authenticated Agent+ to overwrite a WordPress Administrator’s password without using an Administrator-only API, enabling privilege escalation to Administrator. Th...

CVSS 7.5 | AI score 5.3 | EPSS 0.00349
Exploits: 0 | References: 22

CVE
added 6 days ago | 9 views

CVE-2026-10825

Technical details such as affected products, specific versions, root-cause, and exploit information are not publicly provided in the supplied documents; monitor for updates.

CVSS 7.1 | AI score 5.2 | EPSS 0.0031
Exploits: 0 | References: 1

Cvelist
added 6 days ago | 25 views

CVE-2026-5416 Command Injection via name parameter

Due to the improper neutralization of special elements used in a name parameter, a low-privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise...

CVSS 8.8 | EPSS 0.00771
Exploits: 0 | References: 1

NVD
added 6 days ago | 11 views

CVE-2025-9912

Nokia SR Linux is vulnerable to a local privilege escalation vulnerability. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privilege...

CVSS 6.3 | EPSS 0.0011
Exploits: 0 | References: 1

Nuclei
added 6 days ago | 167 views

PAN-OS Management Web Interface - Command Injection

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability. id: CVE-2024-9474 info...

CVSS 7.2 | AI score 8.3 | EPSS 0.94766
Exploits: 14

Nuclei
added 6 days ago | 111 views

Hikvision - Authentication Bypass

Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0...

CVSS 9.8 | AI score 8.5 | EPSS 0.99998
Exploits: 11 | References: 5

Nuclei
added 6 days ago | 329 views

Qlik Sense Enterprise - HTTP Request Smuggling

An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunnelin...

CVSS 9.9 | AI score 8.7 | EPSS 0.84967
Exploits: 0 | References: 5

Nuclei
added 6 days ago | 26 views

VMware vCenter Server LDAP Broken Access Control

Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls. id: CVE-2020-3952 info: name: VMware vCenter Server LDAP Broken Access Control author: 0xAkoko severity: critic...

CVSS 9.8 | AI score 8.3 | EPSS 0.90384
Exploits: 20 | References: 3

Nuclei
added 6 days ago | 30 views

Gogs 0.5.5 - 0.12.2 - Remote Code Execution

Gogs 0.5.5 through 0.12.2 is susceptible to authenticated remote code execution via the git hooks functionality. There can be a privilege escalation if access to this feature is granted to a user who does not have administrative privileges. NOTE: Since this is mentioned in the documentation but n...

CVSS 7.2 | AI score 7.9 | EPSS 0.87528
Exploits: 4 | References: 4

Nuclei
added 6 days ago | 135 views

Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation

Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keys for 'roles' used for access control within the database, including the special case 'admin' role, th...

CVSS 10 | AI score 8.1 | EPSS 0.99924
Exploits: 21 | References: 5

EUVD
added 6 days ago | 8 views

EUVD-2025-210165

Nokia SR Linux is vulnerable to a local privilege escalation vulnerability. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privilege...

CVSS 6.3 | AI score 5.8 | EPSS 0.0011
Exploits: 0 | References: 1

CVE
added 6 days ago | 8 views

CVE-2025-9912

Nokia SR Linux is affected by CVE-2025-9912, a local privilege escalation vulnerability. An authenticated user may exploit it to execute arbitrary commands with superuser privileges. The provided sources identify the vendor/product and the impact (local LPE leading to root-level command execution...

CVSS 6.3 | AI score 5.8 | EPSS 0.0011
Exploits: 0 | References: 1

Cvelist
added 6 days ago | 29 views

CVE-2025-9912 A local privilege escalation vulnerability in Nokia SR Linux

Nokia SR Linux is vulnerable to a local privilege escalation vulnerability. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privilege...

EPSS 0.0011
Exploits: 0 | References: 1

EUVD
added 6 days ago | 8 views

EUVD-2025-210164

Nokia SR Linux is vulnerable to a local privilege escalation vulnerability due to unsanitized format validation. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privileges...

CVSS 6.3 | AI score 5.9 | EPSS 0.00116
Exploits: 0 | References: 1

Cvelist
added 6 days ago | 26 views

CVE-2025-10262 An unsanitized format validation vulnerability in Nokia SR Linux

Nokia SR Linux is vulnerable to a local privilege escalation vulnerability due to unsanitized format validation. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privileges...

EPSS 0.00116
Exploits: 0 | References: 1

CVE
added 6 days ago | 9 views

CVE-2025-10262

Nokia SR Linux contains a local privilege escalation due to unsanitized format validation. An authenticated user can potentially execute arbitrary commands with superuser privileges. The affected product is Nokia SR Linux; root cause is unsanitized format validation. No explicit affected versions...

CVSS 6.3 | AI score 5.9 | EPSS 0.00116
Exploits: 0 | References: 1

SUSE CVE
added 6 days ago | 5 views

SUSE CVE-2026-0438

A System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially...

CVSS 5.4 | AI score 5.5 | EPSS 0.00139
Exploits: 0 | References: 3

EUVD
added 6 days ago | 6 views

EUVD-2026-37011

Potential security vulnerabilities have been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege and/or denial of service. HP is releasing software updates to mitigate these potential vulnerabilities...

CVSS 8.5 | AI score 5.3 | EPSS 0.00114
Exploits: 0 | References: 2