CVE-2026-35182
Brave CMS is an open-source CMS. Prior to 2.0.6, the update-role endpoint in routes/web.php is missing an authorization check: the POST route for /rights/update-role/id lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to...
MAL-2026-898 Malicious code in magicwolf (PyPI)
Source: kam193 (3d4f256ccd65da42e297351fbc7c15d4f3b25789c362d0d3419d580c4e07bf34). The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...
CVE-2026-0873
On a Cryptobox platform where administrator segregation based on entities is used, several vulnerabilities in the Ercom Cryptobox administration console allow an authenticated entity administrator with knowledge to elevate his account to global administrator...
ALSA-2025:17129 Important: idm:DL1 security update
AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security fixes: FreeIPA (idm): privilege escalation from host to domain admin in FreeIPA (CVE-2025-7493). For more details...
CVE-2025-55736 flaskBlog allows arbitrary privilege escalation
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, any user can change their own role to "admin", gaining the associated privileges (e.g. deleting users, posts and comments). The problem is in the routes/adminPanelUsers file...
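The Brave CMS and flaskBlog entries above describe the same defect class: a role-update action that verifies the caller is logged in but never asks whether the caller is allowed to assign roles. The following is an added example, not code from either project: a role-update handler with authentication only, beside one guarded by a permission check on the acting user, plus a small audit helper that lists state-changing routes whose middleware list carries no permission check. The role/permission map, user names, route table and the "{id}" placeholder are constructed for the demonstration.

```python
"""Added example (not flaskBlog's or Brave CMS's code): missing authorization
on a role-update action, the hardened form, and a route-table audit.
All roles, users and routes here are constructed for the demonstration."""
from dataclasses import dataclass
from functools import wraps

# Hypothetical role -> permission map (assumption, not any project's real map).
ROLE_PERMISSIONS = {
    "admin": {"assign-user-roles", "delete-users", "delete-posts"},
    "editor": {"delete-posts"},
    "user": set(),
}


@dataclass
class User:
    name: str
    role: str = "user"

    def has_permission(self, perm):
        return perm in ROLE_PERMISSIONS.get(self.role, set())


def require_permission(perm):
    """Decorator: reject the call unless the *acting* user holds `perm`.
    The decision is made on server-side state, never on request data."""
    def decorator(handler):
        @wraps(handler)
        def wrapper(actor, *args, **kwargs):
            if not actor.has_permission(perm):
                raise PermissionError(f"{actor.name} lacks permission {perm}")
            return handler(actor, *args, **kwargs)
        return wrapper
    return decorator


def update_role_vulnerable(actor, users, target_name, new_role):
    """Authentication only: any logged-in user may set any role, including
    their own. This is the pattern both entries above describe."""
    if actor is None:
        raise PermissionError("login required")
    users[target_name].role = new_role
    return users[target_name].role


@require_permission("assign-user-roles")
def update_role(actor, users, target_name, new_role):
    """Hardened: permission check on the actor, plus an allow-list on the value."""
    if new_role not in ROLE_PERMISSIONS:
        raise ValueError(f"unknown role {new_role!r}")
    users[target_name].role = new_role
    return users[target_name].role


@dataclass(frozen=True)
class Route:
    method: str
    path: str
    middleware: tuple = ()


def unprotected_routes(routes, permission_prefix="checkUserPermissions:"):
    """Audit helper: "METHOD path" for every state-changing route that has no
    permission middleware. The prefix is a parameter because projects name
    their permission middleware differently; the default mirrors the Brave CMS
    entry."""
    mutating = {"POST", "PUT", "PATCH", "DELETE"}
    return [
        f"{r.method} {r.path}"
        for r in routes
        if r.method in mutating
        and not any(m.startswith(permission_prefix) for m in r.middleware)
    ]


def sample_users():
    """Constructed sample users."""
    return {
        "alice": User("alice", "admin"),
        "bob": User("bob", "editor"),
        "mallory": User("mallory", "user"),
    }


def sample_routes():
    """Constructed route table in the shape of a Laravel routes/web.php (assumption)."""
    return [
        Route("GET", "/rights", ("auth",)),
        Route("POST", "/rights/update-role/{id}", ("auth",)),  # no permission check
        Route("POST", "/rights/delete-user/{id}", ("auth", "checkUserPermissions:delete-users")),
        Route("DELETE", "/posts/{id}", ("auth", "checkUserPermissions:delete-posts")),
    ]


if __name__ == "__main__":
    users = sample_users()
    print("vulnerable:", update_role_vulnerable(users["mallory"], users, "mallory", "admin"))
    users = sample_users()
    try:
        update_role(users["mallory"], users, "mallory", "admin")
    except PermissionError as e:
        print("hardened:", e)
    print("unprotected:", unprotected_routes(sample_routes()))
```

The audit deliberately keys on the HTTP method rather than the path: a GET that mutates state would slip past it, so in a real review the route list is only the starting point and each handler's side effects still need a look.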
Linux Distros Unpatched Vulnerability : CVE-2023-3893
The Linux/Unix host has one or more packages installed that are affected by a vulnerability for which no vendor-supplied patch is available. A security issue was discovered in Kubernetes where a user who can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin...
Keycloak security vulnerability
Keycloak is an open-source identity and access management solution. A security vulnerability exists in Keycloak that stems from improperly enforced permissions, which could lead to elevated privileges for administrative users...
Mattermost security vulnerability
Mattermost is an open-source collaboration platform from Mattermost, Inc. (United States). A security vulnerability exists in Mattermost versions 9.9.x through 9.9.1, 9.5.x through 9.5.7, 9.10.x through 9.10.0, and 9.8.x through 9.8.2, which stems from an inability to restrict which roles ca...
CVE-2022-30620
On a Cellinx camera with the guest account enabled, an attacker with web access can elevate privileges to administrative by changing the values of the "isadmin" and "showConfig" cookies from "1" to "0". Administrative privileges allow changing various configuration settings in the camera...
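The Cellinx entry is the classic client-side privilege flag: the server reads "am I admin?" out of a cookie the browser is free to rewrite. As an added example, not the camera's firmware, the block below shows that check beside a hardened one in which the cookie only carries an HMAC-signed session identity and the privilege is looked up in a server-side user record. The secret, user table, cookie names and the "1 means admin" encoding are all constructed assumptions for the demonstration (the entry above reports the opposite encoding on the real device; the flaw is the same either way).

```python
"""Added example (not Cellinx code): privilege read from a client-controlled
cookie versus privilege derived from a server-side record selected by an
HMAC-signed session cookie. Secret, users and cookie names are constructed."""
import base64
import hashlib
import hmac
import time

SESSION_SECRET = b"constructed-demo-secret-replace-in-real-deployments"  # assumption
MAC_LEN = hashlib.sha256().digest_size

# Constructed server-side user table: the privilege lives here, not in a cookie.
USER_DB = {
    "guest": {"is_admin": False},
    "operator": {"is_admin": True},
}


def parse_cookie_header(header):
    """Split a Cookie header into a name -> value dict (first '=' separates)."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies


def is_admin_vulnerable(cookie_header):
    """The flaw in the entry above: the client decides whether it is admin.
    Assumed encoding for the demo: "1" means admin."""
    cookies = parse_cookie_header(cookie_header)
    return cookies.get("isadmin") == "1"


def issue_session(username, ttl=3600, now=None):
    """Server-side: 'username|expiry' followed by HMAC-SHA256, base64url for the cookie."""
    expiry = int((time.time() if now is None else now) + ttl)
    payload = f"{username}|{expiry}".encode()
    mac = hmac.new(SESSION_SECRET, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload + mac).decode()


def verify_session(token, now=None):
    """Return the username if the MAC checks out and the session is unexpired, else None."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except ValueError:
        return None
    if len(raw) <= MAC_LEN:
        return None
    payload, mac = raw[:-MAC_LEN], raw[-MAC_LEN:]  # MAC is fixed length; never split on a delimiter
    expected = hmac.new(SESSION_SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None
    username, _, expiry = payload.decode(errors="replace").rpartition("|")
    if not expiry.isdigit() or int(expiry) < (time.time() if now is None else now):
        return None
    return username


def forge_username(token, old, new):
    """Attacker move: rewrite the username inside a valid token without the key."""
    raw = base64.urlsafe_b64decode(token.encode())
    forged = raw.replace(old.encode() + b"|", new.encode() + b"|", 1)
    return base64.urlsafe_b64encode(forged).decode()


def is_admin(cookie_header, now=None):
    """Hardened: privilege comes from the server-side record of the verified
    user; any isadmin/showConfig cookie the client sends is ignored."""
    cookies = parse_cookie_header(cookie_header)
    user = verify_session(cookies.get("session", ""), now)
    if user is None:
        return False
    return USER_DB.get(user, {}).get("is_admin", False)


if __name__ == "__main__":
    print("vulnerable, guest sends isadmin=1:", is_admin_vulnerable("isadmin=1; showConfig=1"))
    tok = issue_session("guest")
    print("hardened, guest sends isadmin=1:", is_admin(f"session={tok}; isadmin=1"))
    print("hardened, forged operator token:", is_admin(f"session={forge_username(tok, 'guest', 'operator')}"))
```

Two details matter beyond the headline: the MAC is compared with hmac.compare_digest to avoid a timing side channel, and the token is split by the MAC's fixed length rather than by a delimiter, because a raw digest can contain any byte value including the delimiter.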
Netflix Dispatch Access Control Error Vulnerability
Netflix Dispatch is security incident management software from Netflix (US) with deep integration with Slack, GSuite, Jira and other tools. Netflix Dispatch suffers from an access control error vulnerability that can be exploited by an attacker to view restricted events, escalate a...
Logic flaw vulnerability in the la***.php file of Qibo's new X1.0 system
Qibo's new X1.0 system is a website management system based on the latest ThinkPHP 5 framework. A logic flaw vulnerability exists in the la.php file of the Qibo new X1.0 system. An attacker can use the vulnerability to modify database data and promote an ordinary user to super administrator...
Jingxun CMS (精讯cms) SQL injection (direct elevation to administrator)
Brief description: a CMS with a fairly large user base. Detailed description: look at Lib\Action\MemberAction.class.php:
    public function profile() {
        $this->obj->isLogin() or $this->showMsg(L('LOGINFIRST'), Url::getUrl('member', 'login'));
        if ($this->isSubmit()) {
            if ($this->obj->edit()) {
                $this->showMsg(L('OPERATESUCCESS'), $this->referer);
            } else {
                $this->showMsg($this->obj->...
[waraxe-2007-SA#049] - Multiple vulnerabilities in Phorum 5.1.20
waraxe-2007-SA049 - Multiple vulnerabilities in Phorum 5.1.20. Author: Janek Vind "waraxe". Date: 19 April 2007. Location: Tartu, Estonia. Web: http://www.waraxe.us/advisory-49.html. Target software description: Phorum 5.1.20...