47 matches found
CVE-2023-31210
Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries...
CVE-2023-40177
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. This issue is...
EUVD-2023-1877
Malicious code in bioql PyPI...
EUVD-2023-2215
Malicious code in bioql PyPI...
EUVD-2024-31235
Malicious code in bioql PyPI...
EUVD-2023-35525
Malicious code in bioql PyPI...
PT-2024-18996 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.17 XWiki Platform versions prior to 15.5.3 XWiki Platform versions prior to 15.8-rc-1 Description: The XWiki Platform is a generic wiki platform offering runtime services for applications built on top of...
CVE-2023-31210
Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries...
PT-2023-23233 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.2.0p10 through 2.2.0p16 Description: The issue concerns the usage of user-controlled LD_LIBRARY_PATH in the agent of Checkmk, allowing a malicious Checkmk site user to escalate rights via the injection of malicious librarie...
CVE-2023-40177
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. This issue is...
CVE-2023-40177
CVE-2023-40177 affects XWiki Platform: a vulnerability where any registered user can use the user profile content field to execute arbitrary scripts with programming rights, effectively escalating privileges. Root cause: AppWithinMinutes.Content displayer executes content with the rights of the A...
CVE-2023-40177 XWiki Platform privilege escalation (PR) from account through AWM content fields
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. This issue is...
CVE-2023-40176 SXSS in the user profile via the timezone displayer
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. Even though the time zone is selected from a drop...
XWiki Platform privilege escalation (PR) from account through AWM content fields
Impact Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. The problem is present since version 4.3M2 when AppWithinMinutes Application added support for the Content field,...
CVE-2023-35152
XWiki Platform is a generic wiki platform. Starting in version 12.9-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any logged in user can add dangerous content in their first name field and see it executed with programming rights. Leading to rights escalation. The vulnerability has been...
Design/Logic Flaw
XWiki Platform is a generic wiki platform. Starting in version 12.9-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any logged in user can add dangerous content in their first name field and see it executed with programming rights. Leading to rights escalation. The vulnerability has been...
CVE-2023-35152
CVE-2023-35152 concerns the XWiki Platform. Affects versions starting from 12.9-rc-1 up to but not including 14.4.8, 14.10.6, and 15.1. The issue lets any logged-in user insert dangerous content in the first name field, which is then executed with programming rights, leading to privilege escalati...
CVE-2023-35152 XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults
XWiki Platform is a generic wiki platform. Starting in version 12.9-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any logged in user can add dangerous content in their first name field and see it executed with programming rights. Leading to rights escalation. The vulnerability has been...
GHSA-RF8J-Q39G-7XFM XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults
Impact Any logged in user can add dangerous content in their first name field and see it executed with programming rights. Leading to rights escalation. Patches The vulnerability has been fixed on XWiki 14.4.8, 14.10.6, and 15.1. Workarounds The vulnerability can be fixed by applying this patch. ...
PT-2022-7034 · Brocade · Brocade Fabric Os
Name of the Vulnerable Software and Affected Versions: Brocade Fabric OS versions prior to v9.1.1 Brocade Fabric OS versions prior to v9.0.1e Brocade Fabric OS versions prior to v8.2.3c Description: The issue allows a low-privilege webtools user to gain elevated admin rights by exploiting a...