23 matches found
CVE-2026-12388
A flaw was found in the Identity Provider IdP mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity providers can exploit this flaw by creating a "Hardcoded Role"...
EUVD-2026-40301
A flaw was found in the Identity Provider IdP mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity providers can exploit this flaw by creating a "Hardcoded Role"...
EUVD-2025-9310
Malicious code in bioql PyPI...
CVE-2025-36530
Mattermost versions 10.9.x = 10.9.1, 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17 fail to properly validate file paths during plugin import operations which allows restricted admin users to install unauthorized custom plugins via path traversal in the import functionality, bypassing plugin...
CVE-2025-36530 Import Path Traversal Enables Unauthorized Unsigned Plugin Installation
Mattermost versions 10.9.x = 10.9.1, 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17 fail to properly validate file paths during plugin import operations which allows restricted admin users to install unauthorized custom plugins via path traversal in the import functionality, bypassing plugin...
CVE-2025-23391
A Incorrect Privilege Assignment vulnerability in SUSE rancher allows a Restricted Administrator to change the password of Administrators and take over their accounts. This issue affects rancher: from 2.8.0 before 2.8.14, from 2.9.0 before 2.9.8, from 2.10.0 before 2.10.4...
CVE-2025-23391
A Incorrect Privilege Assignment vulnerability in SUSE rancher allows a Restricted Administrator to change the password of Administrators and take over their accounts. This issue affects rancher: from 2.8.0 before 2.8.14, from 2.9.0 before 2.9.8, from 2.10.0 before 2.10.4...
CVE-2025-23391
A Incorrect Privilege Assignment vulnerability in SUSE rancher allows a Restricted Administrator to change the password of Administrators and take over their accounts. This issue affects rancher: from 2.8.0 before 2.8.14, from 2.9.0 before 2.9.8, from 2.10.0 before 2.10.4...
CVE-2025-23391
A Incorrect Privilege Assignment vulnerability in SUSE rancher allows a Restricted Administrator to change the password of Administrators and take over their accounts. This issue affects rancher: from 2.8.0 before 2.8.14, from 2.9.0 before 2.9.8, from 2.10.0 before 2.10.4...
Rancher 安全漏洞
Rancher is an open source container management platform from the US-based Rancher Open Source, built for organizations that deploy containers in production environments. A security vulnerability exists in Rancher versions prior to 2.8.0 to 2.8.14, 2.9.0 to 2.9.8, and 2.10.0 to 2.10.4, which stems...
Incorrect Privilege Assignment
Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment that allows a Restricted Administrator user to change the password of an Administrator account and escalate privileges by taking over the Administrator account. Workaround This vulnerability can be avoided...
GHSA-8P83-CPFG-FJ3G Rancher: Restricted Administrator can change Administrator's passwords
Impact A vulnerability has been identified within Rancher where a Restricted Administrator can change the password of Administrators and take over their accounts. A Restricted Administrator should be not allowed to change the password of more privileged users unless it contains the Manage Users...
Rancher: Restricted Administrator can change Administrator's passwords
Impact A vulnerability has been identified within Rancher where a Restricted Administrator can change the password of Administrators and take over their accounts. A Restricted Administrator should be not allowed to change the password of more privileged users unless it contains the Manage Users...
SUSE CVE-2025-23391
A Incorrect Privilege Assignment vulnerability in SUSE rancher allows a Restricted Administrator to change the password of Administrators and take over their accounts. This issue affects rancher: from 2.8.0 before 2.8.14, from 2.9.0 before 2.9.8, from 2.10.0 before 2.10.4...
PT-2025-14372 · Rancher · Rancher
Name of the Vulnerable Software and Affected Versions: Rancher versions 2.8.0 through 2.8.13 Rancher versions 2.9.0 through 2.9.7 Rancher versions 2.10.0 through 2.10.3 Description: A vulnerability in SUSE Rancher allows a Restricted Administrator to change the password of Administrators and take...
CVE-2024-9471
A privilege escalation PE vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with...
SUSE CVE-2024-22116
An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure...
UBUNTU-CVE-2024-22116
An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure...
Schneider Electric SpaceLogic AS-P Security Vulnerability
Schneider Electric SpaceLogic AS-P is an automation server from Schneider Electric France. A security vulnerability exists in Schneider Electric SpaceLogic AS-P V5.0.3 and earlier and SpaceLogic AS-B V5.0.3 and earlier, which stems from the presence of a competitive condition vulnerability that...
Rancher Labs Rancher Licensing Issue Vulnerability (CNVD-2022-65014)
Rancher Labs Rancher is an open source enterprise-class container management platform from Rancher Labs, Inc. Rancher Labs Rancher is vulnerable to an authorization issue that could be exploited by an attacker to escalate a user with a restricted administrator role to full administrator...