10 matches found
📄 Bichon 1.0.2 Privilege Escalation
Bichon version 1.0.2 suffers from a vertical privilege escalation vulnerability via the account role assignment functionality. Bichon 1.0.2 Vertical Privilege Escalation via Account Role Assignment ====================================================================== Vendor: rustmailer Product:...
CVE-2008-6399
Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remote attackers to "add additional roles to their user account" via unknown attack vectors...
PT-2025-43523
Name of the Vulnerable Software and Affected Versions OpenBao AWS Plugin versions prior to 0.1.1 Description The OpenBao AWS Plugin generates AWS access credentials based on IAM policies. Versions of the plugin prior to 0.1.1 are susceptible to cross-account IAM role Impersonation within the AWS...
PT-2025-39238
Name of the Vulnerable Software and Affected Versions Web Application affected versions not specified Description The web application has a flaw that allows an unauthenticated remote attacker to gather information about existing user accounts, including their roles, due to a lack of authenticatio...
CVE-2025-6994
The Reveal Listing plugin by smartdatasoft for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.3. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'listinguserrole' field. This makes it possible for...
CVE-2024-12281 Homey <= 2.4.2 - Unauthenticated Privilege Escalation in homey_save_profile
The Homey theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.2. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by...
K29146534: SSB Variant 4 vulnerability CVE-2018-3639
Security Advisory Description Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel...
K31085564: Spectre SWAPGS gadget vulnerability CVE-2019-1125
Security Advisory Description An information disclosure vulnerability exists when certain central processing units CPU speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073. CVE-2019-1125 also known as Spect...
PT-2023-16006 · Keycloak +1 · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A flaw was found in Keycloak where it did not properly check client tokens for possible revocation in its client credential flow. This allows an attacker to access or modify potentially...
CloudSploit Scans - AWS Security Scanning Checks
CloudSploit scans is an open-source project designed to allow detection of security risks in an AWS account. These scripts are designed to run against an AWS account and return a series of potential misconfigurations and security risks. Installation Ensure that NodeJS is installed. If not, instal...