26 matches found
PT-2026-23521
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.14 Description The Slack slash-command handler incorrectly authorizes any direct message sender when the dmPolicy is set to open. This allows attackers to execute privileged slash commands via direct message,...
EUVD-2023-50082
Malicious code in bioql PyPI...
GO-2025-3691 Mattermost Fails to Verify User's Permissions When Accessing Groups in github.com/mattermost/mattermost-server
Mattermost Fails to Verify User's Permissions When Accessing Groups in github.com/mattermost/mattermost-server...
CVE-2022-43169
A stored cross-site scripting XSS vulnerability in the Users Access Groups feature /index.php?module=usersgroups/usersgroups of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New...
CVE-2020-11822
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure -- user access groups page. Thus, an attacker can inject malicious script to steal all users' valuable data...
CVE-2025-31654 Growatt Cloud portal Authorization Bypass Through User-Controlled Key
An attacker can get information about the groups of the smart home devices for arbitrary users i.e., "rooms"...
CVE-2023-45793
A vulnerability has been identified in Siveillance Control All versions = V2.8 V3.1.1. The affected product does not properly check the list of access groups that are assigned to an individual user. This could enable a locally logged on user to gain write privileges for objects where they only ha...
Design/Logic Flaw
A vulnerability has been identified in Siveillance Control All versions = V2.8 V3.1.1. The affected product does not properly check the list of access groups that are assigned to an individual user. This could enable a locally logged on user to gain write privileges for objects where they only ha...
CVE-2023-45793
A vulnerability has been identified in Siveillance Control All versions = V2.8 V3.1.1. The affected product does not properly check the list of access groups that are assigned to an individual user. This could enable a locally logged on user to gain write privileges for objects where they only ha...
CVE-2023-45793
A vulnerability has been identified in Siveillance Control All versions = V2.8 V3.1.1. The affected product does not properly check the list of access groups that are assigned to an individual user. This could enable a locally logged on user to gain write privileges for objects where they only ha...
PT-2024-2331 · Unknown · Siveillance Control
Name of the Vulnerable Software and Affected Versions: Siveillance Control versions 2.8 through 3.1.1 Description: A vulnerability has been identified in the affected product, related to insufficient checks on the list of access groups assigned to individual users. This could enable a locally...
Siemens Siveillance Control 安全漏洞
Siemens Siveillance Control is a security management platform from Siemens that integrates video surveillance, access control, intrusion detection and other functions to help organizations achieve comprehensive monitoring and management of buildings, facilities and people. An authorization bypass...
CVE-2022-43169
A stored cross-site scripting XSS vulnerability in the Users Access Groups feature /index.php?module=usersgroups/usersgroups of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New...
CVE-2022-43169
A stored cross-site scripting XSS vulnerability in the Users Access Groups feature /index.php?module=usersgroups/usersgroups of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New...
CVE-2022-43169
A stored cross-site scripting XSS vulnerability in the Users Access Groups feature /index.php?module=usersgroups/usersgroups of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New...
Rukovoditel 跨站脚本漏洞
Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software has project management, customer relationship management and other features. A security vulnerability exists in Rukovoditel version 3.2.1, which stems from the Name parameter of the...
CVE-2020-35986
A stored cross site scripting XSS vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter...
CVE-2020-35986
A stored cross site scripting XSS vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter...
CVE-2020-35986
A stored cross site scripting XSS vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter...
CVE-2020-35986
The connected Nuclei template and multiple references confirm CVE-2020-35986 is a stored XSS in the Rukovoditel Web App (version