Lucene search
+L

461 matches found

CVE
CVE
added 2026/03/10 4:44 p.m.16 views

CVE-2026-25836

FortiSandbox Cloud 5.0.4 is affected by an OS command injection vulnerability. A privileged attacker with super-admin profile and CLI access can craft HTTP requests to execute arbitrary commands on the system. The CVSSv3.1 base score is 7.2 (HIGH) with network access, low attack complexity, and h...

7.2CVSS6AI score0.0176EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.8 views

PT-2026-24247

An improper neutralization of argument delimiters in a command 'argument injection' vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions,...

6.5CVSS5.8AI score0.00535EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.11 views

PT-2026-24248

Name of the Vulnerable Software and Affected Versions Fortinet FortiSandbox Cloud version 5.0.4 Description The system contains a flaw due to improper neutralization of special elements used in an operating system command, specifically an 'os command injection' issue. Successful exploitation may...

9CVSS6AI score0.0176EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/09 5:27 p.m.6 views

EUVD-2026-10160

Netmaker has Privilege Escalation from Admin to Super-Admin via User Update...

6.9CVSS5.8AI score0.0023EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/09 5:27 p.m.10 views

Netmaker has Privilege Escalation from Admin to Super-Admin via User Update

The user update handler PUT /api/users/username lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to another user, it does not include an equivalent check for the...

6.9CVSS5.8AI score0.0023EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/09 5:27 p.m.4 views

GHSA-CH3W-9456-38V3 Netmaker has Privilege Escalation from Admin to Super-Admin via User Update

The user update handler PUT /api/users/username lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to another user, it does not include an equivalent check for the...

6.9CVSS5.9AI score0.0023EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/09 8:2 a.m.4 views

CVE-2026-29195

Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler PUT /api/users/username lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to...

6.9CVSS5.8AI score0.0023EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/07 7:31 p.m.5 views

CVE-2025-15602

Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the...

8.8CVSS5.8AI score0.0046EPSS
Exploits1References1
NVD
NVD
added 2026/03/07 5:15 p.m.6 views

CVE-2026-29195

Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler PUT /api/users/username lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to...

6.9CVSS0.0023EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/07 4:14 p.m.0 views

CVE-2026-29195 Netmaker: Privilege Escalation from Admin to Super-Admin via User Update

Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler PUT /api/users/username lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to...

6.9CVSS5.8AI score0.0023EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/07 4:14 p.m.1 views

CVE-2026-29195

Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler PUT /api/users/username lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to...

6.9CVSS5.8AI score0.0023EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/03/07 4:14 p.m.17 views

CVE-2026-29195

This CVE concerns Netmaker (WireGuard-based) where, prior to v1.5.0, the PUT /api/users/{username} handler failed to validate attempts by an admin to assign super-admin during user updates. The result could allow an admin-user to elevate to super-admin, since the check to prevent super-admin assi...

6.9CVSS5.8AI score0.0023EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/03/07 12:0 a.m.10 views

Gravitl Netmaker 安全漏洞

Gravitl Netmaker is a platform developed by the American company Gravitl, which uses WireGuard to create and manage fast, secure, and dynamic virtual overlay networks. It is used to create and control automated virtual networks. Versions of Gravitl Netmaker prior to 1.5.0 contained security...

6.9CVSS7.3AI score0.0023EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/07 12:0 a.m.8 views

PT-2026-23870

Name of the Vulnerable Software and Affected Versions Netmaker versions prior to 1.5.0 Description Netmaker, which utilizes WireGuard, has an issue where the user update handler does not properly validate role assignments. Specifically, an administrator-role user can assign the super-admin role t...

9.9CVSS5.8AI score0.22162EPSS
Exploits70References140
Snyk
Snyk
added 2026/03/06 6:31 p.m.4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through insufficient protection of sensitive user attributes in the mass assignment process. A...

8.8CVSS5.8AI score0.0046EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/06 6:31 p.m.6 views

EUVD-2025-208340

Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the...

8.8CVSS5.8AI score0.0046EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/06 6:31 p.m.11 views

Snipe-IT has sensitive user attributes related to account privileges that are insufficiently protected against mass assignment

Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the...

8.8CVSS5.8AI score0.0046EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/03/06 6:31 p.m.4 views

GHSA-5448-V74M-7MV7 Snipe-IT has sensitive user attributes related to account privileges that are insufficiently protected against mass assignment

Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the...

8.8CVSS5.8AI score0.0046EPSS
Exploits1References5
NVD
NVD
added 2026/03/06 5:16 p.m.8 views

CVE-2025-15602

Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the...

8.8CVSS0.0046EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/06 4:16 p.m.31 views

CVE-2025-15602 Snipe-IT < 8.3.7 Mass Assignment Vulnerability Leading to Privilege Escalation

Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the...

8.8CVSS0.0046EPSS
Exploits1References3
Rows per page
Query Builder