110 matches found
CVE-2026-44987
SysReptor (fully customizable pentest reporting platform) has a privilege-escalation issue in versions before 2026.29: users with User Admin permissions can change the emails of users with Superuser permissions. If the installed forgot-password feature is enabled (non-default), these users can re...
CVE-2026-44987 SysReptor: Privilege Escalation from User Admin to Superuser
SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" functionality enabled non-default, they can res...
EUVD-2026-28870
SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" functionality enabled non-default, they can res...
CVE-2026-44987 SysReptor: Privilege Escalation from User Admin to Superuser
SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" functionality enabled non-default, they can res...
PT-2026-39211
Name of the Vulnerable Software and Affected Versions SysReptor versions prior to 2026.29 Description Users with "User Admin" permissions can modify the email addresses of users with "Superuser" permissions. When the "Forgot Password" functionality is enabled, these users can reset Superuser...
rConfig RCE (CVE-2020-10221)
The version of rConfig installed on the remote host is affected by a remote code executionvulnerability, as follows: - The flaw exists due to insufficient input validation in the userAdmin.inc.php component, which allows an unauthenticated attacker to upload arbitrary files to the server. By...
EUVD-2019-2434
Malware in sbrugna...
EUVD-2006-4375
Malware in sbrugna...
EUVD-2025-31652
Malicious code in bioql PyPI...
EUVD-2024-19722
Malicious code in bioql PyPI...
EUVD-2024-26032
Malicious code in bioql PyPI...
EUVD-2023-53902
Malicious code in bioql PyPI...
EUVD-2024-42182
Malicious code in bioql PyPI...
EUVD-2022-5793
Malicious code in bioql PyPI...
EUVD-2025-3057
Malicious code in bioql PyPI...
EUVD-2022-3878
Malicious code in bioql PyPI...
CVE-2025-54875 FreshRSS: Unauthorized creation of admin user when registration is enabled
FreshRSS is a free, self-hostable RSS aggregator. In versions 1.16.0 and above through 1.26.3, an unprivileged attacker can create a new admin user when registration is enabled through the use of a hidden field used only in the user management admin page, newuserisadmin. This is fixed in version...
pybbs 安全漏洞
pybbs is a community platform for Java development by iuiu individual developers. A security vulnerability exists in pybbs 6.0.0 and earlier versions, which stems from a weak password requirement in the function update in the file...
CVE-2025-0057
SAP NetWeaver AS JAVA User Admin Application is vulnerable to stored cross site scripting vulnerability. An attacker posing as an admin can upload a photo with malicious JS content. When a victim visits the vulnerable component, the attacker can read and modify information within the scope of...
CVE-2025-43947
Codemers KLIMS 1.6.DEV lacks a proper access control mechanism, allowing a normal KLIMS user to perform all the actions that an admin can perform, such as modifying the configuration, creating a user, uploading files, etc...