Lucene search
K

10 matches found

Packet Storm
Packet Storm
added 2026/05/18 12:0 a.m.63 views

📄 Bichon 1.0.2 Privilege Escalation

Bichon version 1.0.2 suffers from a vertical privilege escalation vulnerability via the account role assignment functionality. Bichon 1.0.2 Vertical Privilege Escalation via Account Role Assignment ====================================================================== Vendor: rustmailer Product:...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 10:24 a.m.9 views

CVE-2008-6399

Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remote attackers to "add additional roles to their user account" via unknown attack vectors...

6.4CVSS7.1AI score0.01953EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/23 12:0 a.m.2 views

PT-2025-43523

Name of the Vulnerable Software and Affected Versions OpenBao AWS Plugin versions prior to 0.1.1 Description The OpenBao AWS Plugin generates AWS access credentials based on IAM policies. Versions of the plugin prior to 0.1.1 are susceptible to cross-account IAM role Impersonation within the AWS...

8.1CVSS6.3AI score0.00242EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2025/09/24 12:0 a.m.4 views

PT-2025-39238

Name of the Vulnerable Software and Affected Versions Web Application affected versions not specified Description The web application has a flaw that allows an unauthenticated remote attacker to gather information about existing user accounts, including their roles, due to a lack of authenticatio...

5.3CVSS6.4AI score0.00361EPSS
Exploits0References6
NVD
NVD
added 2025/08/06 4:16 a.m.27 views

CVE-2025-6994

The Reveal Listing plugin by smartdatasoft for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.3. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'listinguserrole' field. This makes it possible for...

9.8CVSS0.00369EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/05 11:22 a.m.13 views

CVE-2024-12281 Homey <= 2.4.2 - Unauthenticated Privilege Escalation in homey_save_profile

The Homey theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.2. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by...

9.8CVSS0.00402EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2023/02/21 7:54 p.m.63 views

K29146534: SSB Variant 4 vulnerability CVE-2018-3639

Security Advisory Description Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel...

5.5CVSS6.8AI score0.60631EPSS
Exploits2Affected Software19
F5 Networks
F5 Networks
added 2023/02/21 6:53 p.m.74 views

K31085564: Spectre SWAPGS gadget vulnerability CVE-2019-1125

Security Advisory Description An information disclosure vulnerability exists when certain central processing units CPU speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073. CVE-2019-1125 also known as Spect...

5.6CVSS7.1AI score0.04521EPSS
Exploits4Affected Software17
Positive Technologies
Positive Technologies
added 2023/01/11 12:0 a.m.9 views

PT-2023-16006 · Keycloak +1 · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A flaw was found in Keycloak where it did not properly check client tokens for possible revocation in its client credential flow. This allows an attacker to access or modify potentially...

6.5CVSS4.8AI score0.00466EPSS
Exploits0References5
Kitploit
Kitploit
added 2018/08/19 9:19 p.m.20 views

CloudSploit Scans - AWS Security Scanning Checks

CloudSploit scans is an open-source project designed to allow detection of security risks in an AWS account. These scripts are designed to run against an AWS account and return a series of potential misconfigurations and security risks. Installation Ensure that NodeJS is installed. If not, instal...

7AI score
Exploits0References2
Rows per page
Query Builder