69 matches found

GithubExploit
added 2026/06/08 10:46 a.m. · 49 views

Post_Exploitation_Privilege_Escalation

⬆️ Week 05 — Post-Exploitation & Privilege Escalation Inter...

5.5 AI score
Exploits 0
RedhatCVE
added 2026/06/05 7:30 p.m. · 6 views

CVE-2026-42876

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has permission to create ExternalSecret resources can cause the operator to create a Secret that Kubernetes will automatically populat...

4.9 CVSS · 5.5 AI score · 0.00207 EPSS
Exploits 0 · References 1
Positive Technologies
added 2026/05/06 12:00 a.m. · 6 views

PT-2026-38281

Name of the Vulnerable Software and Affected Versions: azureauthextension versions 0.124.0 through 0.150.0. Description: A server-side authentication bypass exists in the azureauthextension when used by an OpenTelemetry receiver with auth: azure auth. The Authenticate function fails to validate...

8.1 CVSS · 5.8 AI score · 0.00222 EPSS
Exploits 1 · References 6
RedhatCVE
added 2026/05/05 8:21 p.m. · 3 views

CVE-2025-67796

IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authenticated subject and the targeted user/tenant, so crafted requests can read or modify other users...

8.1 CVSS · 5.8 AI score · 0.00245 EPSS
Exploits 0 · References 1
OSV
added 2026/05/04 9:30 p.m. · 3 views

GHSA-V4GP-HF5J-4566 IKUS Rdiffweb allows an attacker with any valid or stolen access token to act as other users

IKUS Rdiffweb version 2.10.5 and below have an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authenticated subject and the targeted user/tenant, so crafted requests can read or modify...

8.1 CVSS · 5.8 AI score · 0.00245 EPSS
Exploits 0 · References 3
CNNVD
added 2026/05/04 12:00 a.m. · 7 views

Rdiffweb access control error vulnerability

Rdiffweb is a web application personally developed by Patrik Dufresne from the United States. It allows for quick access to your files through an efficient web interface. Versions of Rdiffweb prior to 2.10.5 contained a security vulnerability related to access control. This vulnerability stemmed...

8.1 CVSS · 5.8 AI score · 0.00245 EPSS
Exploits 0 · References 2
Positive Technologies
added 2026/05/04 12:00 a.m. · 5 views

PT-2026-36909

Name of the Vulnerable Software and Affected Versions: IKUS Rdiffweb versions prior to 2.10.6. Description: An improper authorization flaw exists where the API fails to enforce binding between the authenticated subject and the targeted user or tenant. This allows an attacker possessing any valid or...

8.1 CVSS · 5.8 AI score · 0.00245 EPSS
Exploits 0 · References 7
ATTACKERKB
added 2026/05/04 12:00 a.m. · 1 view

CVE-2025-67796

IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authenticated subject and the targeted user/tenant, so crafted requests can read or modify other users...

5.8 AI score · 0.00245 EPSS
Exploits 0 · References 3
Cvelist
added 2026/05/04 12:00 a.m. · 29 views

CVE-2025-67796

IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authenticated subject and the targeted user/tenant, so crafted requests can read or modify other users...

0.00245 EPSS
Exploits 0 · References 2
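The Rdiffweb entries above all describe one flaw: the API checks that the caller holds a valid token but never binds that token's subject to the user the request targets, so any valid or stolen token can read or modify other users' data. The following added example (not Rdiffweb code; the token store, user records and handler names are constructed for illustration) contrasts a handler that authorizes on token validity alone with one that enforces the subject-to-target binding:

```python
"""Subject-to-target binding in an API authorization check.
Illustrative code, not Rdiffweb's: the token store, user records and
handler names below are constructed for the example."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    subject: str    # the user the token was issued to
    is_admin: bool


# Constructed token store standing in for the real credential database.
TOKENS = {
    "tok-alice": Session(subject="alice", is_admin=False),
    "tok-bob":   Session(subject="bob", is_admin=False),
    "tok-root":  Session(subject="root", is_admin=True),
}

# Constructed per-user records standing in for user settings / repositories.
USER_SETTINGS = {
    "alice": {"email": "alice@example.test", "mfa": True},
    "bob":   {"email": "bob@example.test", "mfa": False},
}


class AuthError(Exception):
    """Token missing or not valid."""


class Forbidden(Exception):
    """Token valid, but its subject may not act on the targeted user."""


def authenticate(token):
    session = TOKENS.get(token)
    if session is None:
        raise AuthError("invalid token")
    return session


def vulnerable_get_settings(token, target_user):
    # Checks only that the caller holds *a* valid token, then serves whatever
    # user the request names: any valid or stolen token reaches every record.
    authenticate(token)
    return USER_SETTINGS[target_user]


def hardened_get_settings(token, target_user):
    # Binds the authenticated subject to the targeted user before touching
    # the record; administrators are the only cross-user exception.
    session = authenticate(token)
    if session.subject != target_user and not session.is_admin:
        raise Forbidden(f"{session.subject} may not act on {target_user}")
    return USER_SETTINGS[target_user]


def attempt(handler, token, target_user):
    """Run a handler and report the outcome as a short string."""
    try:
        handler(token, target_user)
        return "allowed"
    except Forbidden:
        return "forbidden"
    except AuthError:
        return "unauthenticated"


if __name__ == "__main__":
    # Bob's own valid token, aimed at Alice's record.
    print("vulnerable:", attempt(vulnerable_get_settings, "tok-bob", "alice"))
    print("hardened:  ", attempt(hardened_get_settings, "tok-bob", "alice"))
```

The same check belongs on every write path as well as every read. Note what the binding does and does not buy: a stolen token still acts as its rightful owner, so the fix confines the damage of a leaked credential to that one account rather than the whole tenant.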
RedhatCVE
added 2026/03/26 3:03 p.m. · 4 views

CVE-2026-30967

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.9 and 8.6.22, the OAuth2 authentication adapter, when configured without the useridField option, only verifies that a token is active via the provider's token introspectio...

8.8 CVSS · 5.8 AI score · 0.00333 EPSS
Exploits 0 · References 1
OSV
added 2026/03/16 7:04 p.m. · 3 views

CVE-2026-32267 Craft CMS Vulnerable to Privilege Escalation/Bypass through UsersController->actionImpersonateWithToken()

Craft CMS is a content management system. From version 4.0.0-RC1 to before version 4.17.6 and from version 5.0.0-RC1 to before version 5.9.12, a low-privilege user or an unauthenticated user who has been sent a shared URL can escalate their privileges to admin by abusing...

7.7 CVSS · 5.7 AI score · 0.00457 EPSS
Exploits 1 · References 4
EUVD
added 2026/03/16 6:44 p.m. · 3 views

EUVD-2026-12508

Craft CMS Vulnerable to Privilege Escalation/Bypass through UsersController->actionImpersonateWithToken...

9.2 CVSS · 5.8 AI score · 0.00457 EPSS
Exploits 1 · References 2
CNNVD
added 2026/03/16 12:00 a.m. · 3 views

Craft CMS security vulnerability

Craft CMS is an open-source content management system developed by Craft Studio. Vulnerabilities existed in versions of Craft CMS from 4.0.0-RC1 to 4.17.6, as well as in versions 5.0.0-RC1 to 5.9.12. These vulnerabilities stemmed from a potential exploit where low-privilege users or unverified...

9.8 CVSS · 5.8 AI score · 0.00457 EPSS
Exploits 1 · References 2
EUVD
added 2026/03/11 12:21 a.m. · 5 views

EUVD-2026-10884

Parse Server OAuth2 authentication adapter account takeover via identity spoofing...

8.8 CVSS · 5.8 AI score · 0.00333 EPSS
Exploits 0 · References 4
NVD
added 2026/03/10 9:16 p.m. · 2 views

CVE-2026-30967

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.9 and 8.6.22, the OAuth2 authentication adapter, when configured without the useridField option, only verifies that a token is active via the provider's token introspectio...

8.8 CVSS · 0.00333 EPSS
Exploits 0 · References 3
Vulnrichment
added 2026/03/10 8:46 p.m. · 1 view

CVE-2026-30967 Parse Server OAuth2 authentication adapter account takeover via identity spoofing

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.9 and 8.6.22, the OAuth2 authentication adapter, when configured without the useridField option, only verifies that a token is active via the provider's token introspectio...

7.6 CVSS · 5.8 AI score · 0.00333 EPSS
Exploits 0 · References 3
ATTACKERKB
added 2026/03/10 8:46 p.m. · 3 views

CVE-2026-30967

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.9 and 8.6.22, the OAuth2 authentication adapter, when configured without the useridField option, only verifies that a token is active via the provider's token introspectio...

7.6 CVSS · 5.8 AI score · 0.00333 EPSS
Exploits 0 · References 4 · Affected Software 1
CNNVD
added 2026/03/10 12:00 a.m. · 3 views

Parse Server authorization issue vulnerability

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.5.2-alpha.9 and 8.6.22 contain authorization vulnerabilities. This vulnerability stems from the OAuth2 authentication adapter not...

8.8 CVSS · 5.8 AI score · 0.00333 EPSS
Exploits 0 · References 3
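The Parse Server entries above describe an OAuth2 adapter that, when no useridField is configured, asks the provider's introspection endpoint whether the presented token is active and accepts the login on that answer alone, never comparing the identity the provider reports against the user id the client claims. The following added example (not Parse Server code; the introspection responses, the adapter functions and the userid_field handling are constructed to illustrate the pattern) shows an attacker presenting their own valid token while claiming another account's id, and the identity check that stops it:

```python
"""Identity binding on OAuth2 token introspection.
Illustrative code, not Parse Server's: the introspection table, the
validator functions and the userid_field parameter are constructed."""

# Constructed introspection results keyed by access token, standing in for
# the provider's RFC 7662 introspection endpoint. 'sub' is the provider's
# stable subject identifier; 'username' is an alternative identity field.
INTROSPECTION = {
    "at-attacker": {"active": True, "sub": "user-1001", "username": "mallory"},
    "at-victim":   {"active": True, "sub": "user-0007", "username": "alice"},
    "at-revoked":  {"active": False},
}


def introspect(access_token):
    """Simulated introspection call; unknown or revoked tokens are inactive."""
    return INTROSPECTION.get(access_token, {"active": False})


class AuthFailure(Exception):
    """The adapter refused the auth data."""


def vulnerable_validate_auth_data(auth_data):
    # Client-supplied payload: {'id': <claimed user id>, 'access_token': <token>}.
    # Only the token's liveness is checked; the claimed id is trusted verbatim,
    # so a valid token for *any* account logs the caller in as whoever they name.
    result = introspect(auth_data["access_token"])
    if not result.get("active"):
        raise AuthFailure("token inactive")
    return auth_data["id"]


def hardened_validate_auth_data(auth_data, userid_field="sub"):
    # Read the identity from a configured field of the introspection response
    # (assumed 'sub' here) and require it to match the claimed id.
    result = introspect(auth_data["access_token"])
    if not result.get("active"):
        raise AuthFailure("token inactive")
    provider_id = result.get(userid_field)
    if provider_id is None:
        raise AuthFailure(f"introspection response lacks {userid_field!r}")
    if provider_id != auth_data["id"]:
        raise AuthFailure("claimed id does not match the token's subject")
    return provider_id


def login_outcome(validator, auth_data, **options):
    """Return the user id the validator would log in, or None on refusal."""
    try:
        return validator(auth_data, **options)
    except AuthFailure:
        return None


if __name__ == "__main__":
    # Attacker holds a genuine token for user-1001 but claims user-0007.
    spoof = {"id": "user-0007", "access_token": "at-attacker"}
    print("vulnerable logs in as:", login_outcome(vulnerable_validate_auth_data, spoof))
    print("hardened logs in as:  ", login_outcome(hardened_validate_auth_data, spoof))
```

Two details matter in the hardened path: a missing identity field is a refusal, not a pass (an adapter that silently skips the comparison when the field is absent reopens the hole), and the identity the server stores is the one the provider returned, not the one the client sent.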
GithubExploit
added 2026/03/09 4:37 p.m. · 110 views

challenge-yourself-level-1

Attack Path Lab !GitHubhttps://img.shields.io/badge/GitHu...

6.1 AI score
Exploits 0
OSV
added 2026/01/20 4:16 p.m. · 5 views

CVE-2025-36418

IBM ApplinX 11.1 is vulnerable to privilege escalation due to improper verification of JWT tokens. An attacker may be able to craft or modify a JSON web token in order to impersonate another user or to elevate their privileges...

9.8 CVSS · 5.7 AI score · 0.0015 EPSS
Exploits 0 · References 1
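The ApplinX entry above gives the generic shape of an improperly verified JWT: a server that reads the claims out of a token without checking the signature, or accepts whatever algorithm the token header names, lets an attacker edit the payload and impersonate another user. The following added example (not ApplinX code; the HS256 key, the claims and the helper names are constructed, and nothing here is tied to how ApplinX actually verifies tokens) shows the decode-only mistake beside a verifier that pins the algorithm and checks the HMAC in constant time, against a payload-edit forgery and an alg=none forgery:

```python
"""Signature-checked JWT verification with the standard library.
Illustrative code, not IBM ApplinX's: the HS256 key, the claims and the
helper names below are constructed for the example."""
import base64
import hashlib
import hmac
import json

# Constructed shared HMAC key; a real service loads this from a secret store.
KEY = b"example-hs256-key-not-for-production"


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json(obj) -> bytes:
    return json.dumps(obj, separators=(",", ":"), sort_keys=True).encode()


def sign_hs256(claims, key=KEY):
    """Issue a token: base64url(header).base64url(claims).base64url(HMAC)."""
    signing_input = f"{_b64url(_json({'alg': 'HS256', 'typ': 'JWT'}))}.{_b64url(_json(claims))}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def decode_unverified(token):
    # The improper-verification mistake: trust the claims without checking
    # the signature, so anyone can rewrite the payload.
    return json.loads(_unb64url(token.split(".")[1]))


def verify_hs256(token, key=KEY):
    # Proper verification: exactly three parts, alg pinned to HS256 (refuses
    # 'none' and algorithm swaps), constant-time signature compare, and only
    # then are the claims parsed and trusted.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(_unb64url(parts[0]))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(parts[2])):
        raise ValueError("signature mismatch")
    return json.loads(_unb64url(parts[1]))


def forge_claims(token, **changes):
    """Attacker edits the payload of a genuine token, keeping the old signature."""
    header, payload, sig = token.split(".")
    claims = json.loads(_unb64url(payload))
    claims.update(changes)
    return f"{header}.{_b64url(_json(claims))}.{sig}"


def forge_alg_none(token, **changes):
    """Attacker rewrites the header to alg=none and drops the signature."""
    _, payload, _ = token.split(".")
    claims = json.loads(_unb64url(payload))
    claims.update(changes)
    return f"{_b64url(_json({'alg': 'none', 'typ': 'JWT'}))}.{_b64url(_json(claims))}."


def subject_of(verifier, token):
    """Return the 'sub' claim the verifier accepts, or None if it rejects the token."""
    try:
        return verifier(token).get("sub")
    except ValueError:
        return None


if __name__ == "__main__":
    genuine = sign_hs256({"sub": "alice", "role": "user"})
    forged = forge_claims(genuine, sub="admin", role="admin")
    print("decode-only accepts:", subject_of(decode_unverified, forged))
    print("verified rejects:   ", subject_of(verify_hs256, forged))
```

The verifier reads the algorithm from its own configuration, not from the token header: the header is only compared against the pinned value. That single rule closes both the alg=none bypass and the RS256-to-HS256 key-confusion swap, and the constant-time compare keeps the signature check from leaking byte-by-byte through timing.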