
181 matches found

Positive Technologies
added 2025/08/26 12:0 a.m. · 5 views

PT-2025-34745

Name of the Vulnerable Software and Affected Versions: SourceCodester Human Resource Information System version 1.0 Description: A vulnerability exists in SourceCodester Human Resource Information System 1.0, specifically within an unknown functionality of the /Superadmin...

CVSS 7.5 · AI score 7.2 · EPSS 0.00455
Exploits 1 · References 12
NVD
added 2025/07/08 11:15 a.m. · 5 views

CVE-2025-40736

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the superadmin password and gain full control of the...

CVSS 9.8 · EPSS 0.00401
Exploits 0 · References 1
CVE
added 2025/07/08 10:34 a.m. · 22 views

CVE-2025-40736

CVE-2025-40736 affects Siemens SINEC NMS (all versions before 4.0). The issue is an access control/endpoint weakness that allows an unauthenticated attacker to modify administrative credentials, enabling a reset of the superadmin password and potentially full control of the application (ZDI-CAN-2...

CVSS 9.8 · AI score 7.5 · EPSS 0.00401
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2025/07/08 10:34 a.m. · 5 views

CVE-2025-40736

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the superadmin password and gain full control of the...

CVSS 9.8 · EPSS 0.00401
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 5:39 a.m. · 2 views

CVE-2023-26471

XWiki Platform is a generic wiki platform. Starting in version 11.6-rc-1, comments are supposed to be executed with the right of superadmin but in restricted mode anything dangerous is disabled, but the async macro does not take into account the restricted mode. This means that any user with...

CVSS 9.9 · AI score 6.9 · EPSS 0.0092
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 11:42 p.m. · 4 views

CVE-2022-41327

A cleartext transmission of sensitive information vulnerability CWE-319 in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in...

CVSS 7.8 · AI score 6.2 · EPSS 0.00126
Exploits 0 · References 1
OSV
added 2025/05/09 4:15 p.m. · 3 views

CVE-2025-46188

SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in superadminphpmyadmin.php...

CVSS 9.8 · AI score 5.9 · EPSS 0.00564
Exploits 1 · References 2
CNNVD
added 2025/05/09 12:0 a.m. · 2 views

SourceCodester Client Database Management System security vulnerability

SourceCodester Client Database Management System is a SourceCodester open source client database management system. A security vulnerability exists in SourceCodester Client Database Management System version 1.0, which originates from an SQL injection in superadminphpmyadmin.php...

CVSS 9.8 · AI score 7.9 · EPSS 0.00564
Exploits 1 · References 3
Positive Technologies
added 2025/05/09 12:0 a.m. · 4 views

PT-2025-20575

Name of the Vulnerable Software and Affected Versions SourceCodester Client Database Management System version 1.0 Description SourceCodester Client Database Management System version 1.0 is susceptible to SQL Injection through the superadmin phpmyadmin.php file. The issue allows for potential...

CVSS 9.8 · AI score 7.5 · EPSS 0.00564
Exploits 1 · References 9
RedhatCVE
added 2025/02/20 4:35 a.m. · 7 views

CVE-2021-44967

A Remote Code Execution (RCE) vulnerability exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file. NOTE: the Supplier's position is that plugins intentionally can contain arbitrary PHP code, and can only be...

CVSS 9 · AI score 7.9 · EPSS 0.12679
Exploits 3
RedhatCVE
added 2025/02/14 5:43 a.m. · 26 views

CVE-2024-36042

Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access...

CVSS 9.8 · AI score 7.1 · EPSS 0.00935
Exploits 2 · References 5
OSV
added 2024/07/19 3:15 p.m. · 6 views

CVE-2024-6908

Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data...

CVSS 6 · AI score 7
Exploits 0 · References 2
Vulnrichment
added 2024/07/19 2:57 p.m. · 11 views

CVE-2024-6908 Admin Can Escalate Privileges to SuperAdmin Using Manual PUT Request

Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data...

CVSS 6 · AI score 6.8 · EPSS 0.0026
Exploits 0 · References 2
Positive Technologies
added 2024/07/19 12:0 a.m. · 3 views

PT-2024-37949 · Yugabyte · Yugabyte Platform

Name of the Vulnerable Software and Affected Versions: Yugabyte Platform affected versions not specified Description: The issue concerns improper privilege management, allowing authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request. This could lead to...

CVSS 6 · AI score 6.8 · EPSS 0.0026
Exploits 0 · References 7
Github Security Blog
added 2024/06/03 6:30 a.m. · 43 views

Silverpeas authentication bypass

Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access...

CVSS 9.8 · AI score 6.8 · EPSS 0.00935
Exploits 2 · References 6 · Affected Software 1
OSV
added 2024/06/03 6:30 a.m. · 52 views

GHSA-4W54-WWC9-X62C Silverpeas authentication bypass

Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access...

CVSS 9.8 · AI score 9.7 · EPSS 0.00935
Exploits 2 · References 6
NVD
added 2024/06/03 6:15 a.m. · 16 views

CVE-2024-36042

Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access...

CVSS 9.8 · AI score 6.9 · EPSS 0.00935
Exploits 2 · References 3
Vulnrichment
added 2024/06/03 5:47 a.m. · 17 views

CVE-2024-36042

Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access...

AI score 7.2 · EPSS 0.00935
Exploits 2 · References 3
Cvelist
added 2024/06/03 5:47 a.m. · 30 views

CVE-2024-36042

Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access...

AI score 6.8 · EPSS 0.00935
Exploits 2 · References 3
Positive Technologies
added 2024/06/03 12:0 a.m. · 3 views

PT-2024-26859 · Unknown · Silverpeas

Name of the Vulnerable Software and Affected Versions: Silverpeas versions prior to 6.3.5 Description: The issue allows authentication bypass by omitting the Password field to AuthenticationServlet, potentially providing an unauthenticated user with superadmin access. This has been exploited in...

CVSS 9.8 · AI score 7.1 · EPSS 0.00935
Exploits 2 · References 13