7 matches found
CVE-2026-32991
Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account...
CVE-2026-32991
CVE-2026-32991 arises from improper authorization checks of team member privileges in cPanel & WHM, enabling a team member to escalate to the team owner account. The PT Security entries consolidate multiple CVEs and indicate a patch will be released May 13, 1:00 PM EST, addressing CVE-2026-32991 ...
PT-2026-2144
Name of the Vulnerable Software and Affected Versions RustFS versions 1.0.0-alpha.13 through 1.0.0-alpha.78 Description RustFS is a distributed object storage system built in Rust. A flaw in the deny only short-circuit within RustFS IAM allows a restricted service account or STS credential to...
CVE-2024-8017
An XSS vulnerability exists in open-webui/open-webui versions = 0.3.8, specifically in the function that constructs the HTML for tooltips. This vulnerability allows attackers to perform operations with the victim's privileges, such as stealing chat history, deleting chats, and escalating their ow...
PT-2024-40505 · Burn · Burn
Name of the Vulnerable Software and Affected Versions: Burn versions affected versions not specified Description: The issue concerns the use of an unprotected directory, C:WindowsTemp, by Burn to copy and run binaries. This directory is accessible to low-privilege users, who can hijack binaries...
PT-2023-22090 · Unknown · Openfeature Operator
Name of the Vulnerable Software and Affected Versions: OpenFeature Operator versions prior to 0.2.32 Description: The issue allows an attacker to escalate the privileges of any service account in the cluster, assuming the pre-existence of a vulnerability that enables arbitrary code execution. Thi...
CVE-2022-28802
Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapier was providing a customer-controlled general-purpose virtual machine that unintentionally granted full access to all users of a company's...