38 matches found
EUVD-2020-21539
Malware in sbrugna...
EUVD-2019-16705
Malware in sbrugna...
EUVD-2025-13347
Malicious code in bioql PyPI...
EUVD-2024-19627
Malicious code in bioql PyPI...
EUVD-2024-38577
Malicious code in bioql PyPI...
EUVD-2022-4789
Malicious code in bioql PyPI...
CVE-2025-58334
In JetBrains IDE Services before 2025.5.0.1086, 2025.4.2.2164 users without appropriate permissions could assign a high-privileged role to themselves...
CVE-2025-58334
The CVE-2025-58334 vulnerability affects JetBrains IDE Services prior to 2025.5.0.1086 and 2025.4.2.2164, where users without proper permissions could assign themselves a high-privilege role. This stems from an improper privilege assignment mechanism discussed across multiple sources. Impact focu...
CVE-2020-5916
In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory...
CVE-2020-27851
Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allow remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role...
CVE-2020-27850
A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role Administrator, Editor, etc...
CVE-2025-47245
In BlueWave Checkmate through 2.0.2 before d4a6072, an invite request can be modified to specify a privileged role...
CVE-2025-47245
CVE-2025-47245 affects BlueWave Checkmate up to version 2.0.2 before commit d4a6072, where an invite request can be modified to specify a privileged role. The issue is documented across multiple feeds (NVD, Red Hat, OSV, NVD enrichments) with a high impact and CVSS 3.1 base score of 8.1 (CONF/INT...
PT-2025-18959 · Unknown · Bluewave Checkmate
Name of the Vulnerable Software and Affected Versions: BlueWave Checkmate versions through 2.0.2 before d4a6072 Description: The issue allows an invite request to be modified to specify a privileged role. Recommendations: For BlueWave Checkmate versions through 2.0.2 before d4a6072, consider...
CVE-2025-23239
When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached E...
CVE-2024-22022
Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service...
CVE-2024-40710
A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (saved credentials and passwords). Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within...
Code injection
Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to...