Lucene search
K

66 matches found

Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.3 views

PT-2026-31704

OpenPLC V3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID or they can create new accounts with role=admin, escalating to full administrator acces...

8.7CVSS5.9AI score0.0024EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/03 3:27 a.m.2 views

Missing Authorization

Overview @openclaw/discord is an OpenClaw Discord channel plugin Affected versions of this package are vulnerable to Missing Authorization in the Discord voice ingress authorization process. An attacker can gain unauthorized access to restricted voice channels by exploiting gaps in channel, name,...

5.4CVSS5.8AI score0.00222EPSS
Exploits0References2
OSV
OSV
added 2026/04/03 3:27 a.m.4 views

GHSA-X2M8-53H4-6HCH OpenClaw: Discord voice ingress authorization can be bypassed via channel, name, and stale-role validation gaps

Summary Discord voice ingress authorization can be bypassed via channel, name, and stale-role validation gaps Current Maintainer Triage - Status: narrow - Assessment: Real in shipped v2026.3.28 Discord voice ingress, but impact is channel/member allowlist bypass rather than a broader critical aut...

2.3CVSS5.9AI score0.00222EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/03 3:27 a.m.6 views

OpenClaw: Discord voice ingress authorization can be bypassed via channel, name, and stale-role validation gaps

Summary Discord voice ingress authorization can be bypassed via channel, name, and stale-role validation gaps Current Maintainer Triage - Status: narrow - Assessment: Real in shipped v2026.3.28 Discord voice ingress, but impact is channel/member allowlist bypass rather than a broader critical aut...

5.4CVSS5.8AI score0.00222EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/09 5:27 p.m.4 views

GHSA-CH3W-9456-38V3 Netmaker has Privilege Escalation from Admin to Super-Admin via User Update

The user update handler PUT /api/users/username lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to another user, it does not include an equivalent check for the...

6.9CVSS5.9AI score0.0023EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/27 9:30 a.m.7 views

EUVD-2025-208125

The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user registration function that fails to properly sanitize the userrole parameter. This makes it possible...

9.8CVSS5.9AI score0.00574EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.9 views

PT-2026-22305

Name of the Vulnerable Software and Affected Versions Listee theme for WordPress versions prior to 1.1.7 Description The Listee theme for WordPress is affected by a privilege escalation issue. A broken validation check in the bundled listee-core plugin’s user registration function does not proper...

9.8CVSS5.9AI score0.00574EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2026/02/15 1:28 p.m.6 views

CVE-2025-8572

The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than, or equal to, 1.8.7. This is due to insufficient validation of the userrole parameter during user registration. This makes it possible for unauthenticated attackers to create accounts with elevate...

9.8CVSS5.5AI score0.00439EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/02/14 8:26 a.m.29 views

CVE-2025-8572 Truelysell Core <= 1.8.7 - Unauthenticated Privilege Escalation via Registration

The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than, or equal to, 1.8.7. This is due to insufficient validation of the userrole parameter during user registration. This makes it possible for unauthenticated attackers to create accounts with elevate...

9.8CVSS0.00439EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/14 8:26 a.m.2 views

CVE-2025-8572 Truelysell Core <= 1.8.7 - Unauthenticated Privilege Escalation via Registration

The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than, or equal to, 1.8.7. This is due to insufficient validation of the userrole parameter during user registration. This makes it possible for unauthenticated attackers to create accounts with elevate...

9.8CVSS5.5AI score0.00439EPSS
Exploits1References2
CVE
CVE
added 2026/02/14 8:26 a.m.21 views

CVE-2025-8572

The CVE concerns the Truelysell Core plugin for WordPress. Versions

9.8CVSS5.5AI score0.00439EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/14 12:0 a.m.9 views

WordPress plugin Truelysell Core 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.8CVSS7.3AI score0.00439EPSS
Exploits1References2
NVD
NVD
added 2026/01/09 7:16 a.m.7 views

CVE-2025-14736

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.28.29. This is due to insufficient validation of user-supplied role values in the 'validatevalue', 'preupdatevalue', and 'getfieldsdisplay' functions. This makes it...

9.8CVSS0.00663EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/10/14 12:0 a.m.3 views

CVE-2025-56747

Creativeitem Academy LMS up to and including 5.13 contains a privilege escalation vulnerability in the Apiinstructor controller where regular authenticated users can access instructor-only functions without proper role validation, allowing unauthorized course creation and management...

6.6AI score0.00269EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/10/14 12:0 a.m.5 views

PT-2025-41934

Name of the Vulnerable Software and Affected Versions Creativeitem Academy LMS versions up to and including 5.13 Description A privilege escalation issue exists in the Api instructor controller. Authenticated users without the necessary permissions can access functions intended only for...

6.5CVSS6.6AI score0.00269EPSS
Exploits1References3
CVE
CVE
added 2025/10/14 12:0 a.m.11 views

CVE-2025-56747

Affected software : Creativeitem Academy LMS (versions up to 5.13). Vulnerability : Privilege escalation in the Api_instructor controller where regular authenticated users can access instructor-only functions due to missing/incorrect role validation, enabling unauthorized course creation and mana...

6.5CVSS6.6AI score0.00269EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2015-0050

Malware in sbrugna...

6.9CVSS6.2AI score0.01642EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2017-11793

Malware in sbrugna...

4.9CVSS5AI score0.01472EPSS
Exploits0References5
OSV
OSV
added 2025/09/02 8:15 p.m.3 views

CVE-2025-6685

ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The...

8.8CVSS5.9AI score0.00654EPSS
Exploits0References2
CVE
CVE
added 2025/09/02 7:48 p.m.16 views

CVE-2025-6685

ATEN eco DC contains a missing authorization flaw in its web-based interface that can enable privilege escalation. The issue arises from not validating the assigned user role when handling requests, allowing an attacker with network access to escalate privileges to restricted resources; authentic...

8.8CVSS6.6AI score0.00654EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder