78 matches found
ROS-20260310-73-0013
A vulnerability in the user interface UI of the Google Chrome browser is related to the lack of a user warning about unsafe actions. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions...
Hitachi Energy Relion REB500 Product Privilege Defined with Unsafe Actions (CVE-2026-2460)
A vulnerability exists in REB500 for an authenticated user with low-level privileges to access and alter the contents of directories that the role is not authorized to do so. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
CVE-2025-14349
Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36...
CVE-2025-14349
Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36...
CVE-2025-14349
CVE-2025-14349 affects Universal Software Inc. FlexCity/Kiosk prior to version 1.0.36. The issue is described as a privilege escalation caused by privileges defined with unsafe actions and missing authentication for a critical function, allowing access to functionality not properly constrained by...
CVE-2025-14349
Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36...
CVE-2025-14349 Business Logic Error in Universal Software's FlexCity/Kiosk
Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36...
CVE-2025-14349 Business Logic Error in Universal Software's FlexCity/Kiosk
Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36...
CVE-2026-0945
Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escalation.This issue affects Role Delegation: from 1.3.0 before 1.5.0...
CVE-2026-0945 Role Delegation - Moderately critical - Access bypass - SA-CONTRIB-2026-002
Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escalation.This issue affects Role Delegation: from 1.3.0 before 1.5.0...
CVE-2026-0945
CVE-2026-0945 affects Drupal Role Delegation. Multiple sources confirm a privilege escalation flaw in Role Delegation versions 1.3.0 up to 1.4.9 (affecting the ability to grant roles with delegated authority and, when paired with Views Bulk Operations, allow assigning the administrator role). Roo...
EUVD-2026-5354
Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escalation.This issue affects Role Delegation: from 1.3.0 before 1.5.0...
CVE-2025-13979
Privilege Defined With Unsafe Actions vulnerability in Drupal Mini site allows Stored XSS.This issue affects Mini site: from 0.0.0 before 3.0.2...
CVE-2025-13979 Mini site - Moderately critical - Cross-Site Scripting - SA-CONTRIB-2025-117
Privilege Defined With Unsafe Actions vulnerability in Drupal Mini site allows Stored XSS.This issue affects Mini site: from 0.0.0 before 3.0.2...
CVE-2025-13979 Mini site - Moderately critical - Cross-Site Scripting - SA-CONTRIB-2025-117
Privilege Defined With Unsafe Actions vulnerability in Drupal Mini site allows Stored XSS.This issue affects Mini site: from 0.0.0 before 3.0.2...
CVE-2025-13979
CVE-2025-13979 concerns a Stored XSS vulnerability described as a Privilege Defined With Unsafe Actions issue in the Drupal Mini site. Affected product: Drupal Mini site prior to version 3.0.2 (0.0.0 <= version
PT-2026-5198
Name of the Vulnerable Software and Affected Versions Drupal Mini site versions prior to 3.0.2 Description A flaw exists in Drupal Mini site that allows for Stored Cross-Site Scripting XSS due to unsafe actions with defined privileges. This allows an attacker to inject malicious scripts into the...
PT-2025-54575
Name of the Vulnerable Software and Affected Versions Google Chrome affected versions not specified Description A user interface issue in Google Chrome may not adequately warn users about unsafe actions. Remote attackers could potentially bypass existing security restrictions by exploiting this...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-24893link is external XWiki Platform Eval Injection Vulnerability CVE-2025-41244link is external Broadcom VMware Aria Operations and VMware Tools Privilege...
Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability
Broadcom VMware Aria Operations and VMware Tools contain a privilege defined with unsafe actions vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this...