88 matches found
Johnson Controls CEM AC2000
ADVISORY SUMMARY: Successful exploitation of this vulnerability could allow a standard user to escalate privileges on the host machine. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for...
EUVD-2026-24750
A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitive information...
CVE-2026-6356
A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitive information...
PT-2026-34335
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: A flaw in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them ...
CVE-2020-36969 M/Monit 3.7.4 - Privilege Escalation
M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standa...
CVE-2025-65118
The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server...
CVE-2025-64729
The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files...
CVE-2025-64729
The CVE-2025-64729 entry concerns AVEVA Process Optimization. Affected software: Process Optimization with user-authenticated access (OS Standard User). The documented vulnerability allows an authenticated attacker to tamper with Process Optimization project files, embed code, and escalate privil...
PT-2026-3199
The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server...
Apple macOS Tahoe Insufficient Privilege Restriction Vulnerability
Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe has an insufficient privilege restriction vulnerability that stems from a flaw in the system'...
Misconfigured Internal Proxy in runtimes-inventory-rhel8-operator Grants Standard Users Full Cluster Administrator Access
A flaw was found in runtimes-inventory-rhel8-operator. An internal proxy component is incorrectly configured. Because of this flaw, the proxy attaches the cluster's main administrative credentials to any command it receives, instead of only the specific reports it is supposed to handle. This allo...
EUVD-2025-203395
A flaw was found in runtimes-inventory-rhel8-operator. An internal proxy component is incorrectly configured. Because of this flaw, the proxy attaches the cluster's main administrative credentials to any command it receives, instead of only the specific reports it is supposed to handle. This allo...
Red Hat Runtimes Inventory Operator Security Vulnerability
Red Hat Runtimes Inventory Operator is a program runtime environment management software from Red Hat USA. A security vulnerability exists in Red Hat Runtimes Inventory Operator that stems from a misconfiguration of the internal agent component, which could cause a standard user to execute...
CVE-2025-43470
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. A standard user may be able to view files made from a disk image belonging to an administrator...
CVE-2025-43470
CVE-2025-43470 is a macOS Tahoe 26.x vulnerability where a standard user could view files from a disk image created by an administrator due to insufficient permission checks. The public descriptions consistently state a permissions issue that was addressed with additional restrictions, and that t...
EUVD-2025-203135
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. A standard user may be able to view files made from a disk image belonging to an administrator...