CVE-2026-41315 mdserver-web: Missing Authorization and Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
mdserver-web is a simple Linux panel. From 0.18.0 to 0.18.4, mdserver-web has a front-end unauthorized remote command execution vulnerability. Due to the lack of authentication on the /modifycrond and /starttask interfaces, it is possible to modify the default built-in scheduled tasks and start...
CVE-2025-14854
The WP-CRM System WordPress plugin has an unauthorized-access vulnerability due to missing capability checks in AJAX handlers wpcrm_get_email_recipients and wpcrm_system_ajax_task_change_status, affecting all versions up to 3.4.5. Authenticated users with subscriber-level access and above can enu...
CVE-2025-14854 WP-CRM System – Manage Clients and Projects <= 3.4.5 - Missing Authorization to Authenticated (Subscriber+) CRM Data Exposure and Task Modification
The WP-CRM System plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on the wpcrm_get_email_recipients and wpcrm_system_ajax_task_change_status AJAX functions in all versions up to, and including, 3.4.5. This makes it possible for authenticated attackers, with...
EUVD-2021-25363
Malware in sbrugna...
CVE-2020-11799
Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate privileges by modifying a privileged user's task. This can also affect all users who are signed in on the system if a shell is placed in a location that other unprivileged users have access to...
A vulnerability in GitLab, the Git-based platform for collaborative code development, stems from a lack of authentication procedures, which allows unauthorized users to modify the status of tasks in publicly accessible projects.
A vulnerability in GitLab, the Git-based platform for collaborative code development, is related to the absence of authentication procedures. Exploiting this vulnerability allows a malicious actor to remotely modify the status of tasks in publicly accessible projects...
ZTE Big Video Analysis Product Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in ZTE Big Video Analysis Product, a large video analytics product from ZTE Corporation China, which stems from an attacker with normal user privileges gaining unauthorized access to ZTE Big Video Analysis Product due to improper management of timed...
CVE-2021-21750
ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access...
Privilege escalation
ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access...
CVE-2021-21750
CVE-2021-21750 affects ZTE BigVideo Analysis Product. The vulnerability is an elevation of privilege due to improper management of the timed task modification privilege, enabling an attacker with ordinary user permissions (local access) to gain unauthorized access. Exploit status is not detailed ...
CVE-2021-38926
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 210321...
IBM DB2 Permissions and Access Control Vulnerability
IBM DB2 is a relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. An elevation of privilege vulnerability exists in IBM Db2 for Linux that originates from an incorrectl...
PT-2009-5434 · Symantec · Symantec Altiris Deployment Solution
Name of the Vulnerable Software and Affected Versions: Symantec Altiris Deployment Solution versions 6.9.x before 6.9 SP3 Build 430 Description: The issue is related to improper access restriction to the listening port for the DBManager service. This allows remote attackers to bypass authenticati...
CVE-2006-1284
The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite SGSS 1.0, includes a default administrator login account and password, which allows local users to gain privileges or modify tasks...