Exploit for Prototype Pollution in Substack Minimist
CVE-2020-7598 - Prototype Pollution in minimist Disclaimer...
CVE-2026-42562
Plainpad (self-hosted note-taking app) is affected prior to version 1.1.1. A low-privilege, authenticated user can escalate to administrator by submitting admin=true in PUT /api.php/v1/users/{id}; the endpoint stores the admin attribute from user input, allowing immediate access to admin-only rou...
kernel: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an invalid queue ID 0xFFFF, s...
CVE-2026-27899 WireGuard Portal Vulnerable to Privilege Escalation to Admin via User Self-Update
WireGuard Portal or wg-portal is a web-based configuration portal for WireGuard server management. Prior to version 2.1.3, any authenticated non-admin user can become a full administrator by sending a single PUT request to their own user profile endpoint with "IsAdmin": true in the JSON body. Aft...
CVE-2025-66028
OneUptime is a solution for monitoring and managing online services. Prior to version 8.0.5567, OneUptime is vulnerable to privilege escalation via Login Response Manipulation. During the login process, the server response included a parameter called isMasterAdmin. By intercepting and modifying...
EUVD-2025-30245
Malicious code in bioql PyPI...
CVE-2025-57396
Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is vulnerable to privilege escalation. This is due to the rework of the API, which resulted in the User Profile API Endpoint containing two boolean values indicating whether a user is staff or administrative. Consequently, any user can escala...
CVE-2021-45896
Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via isctcadmin=1 to loginwebapp.cgi and use of Import Config File...
Privilege Escalations
Foreman is vulnerable to privilege escalation attacks. The vulnerability exists because the create method in app/controllers/userscontroller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag o...
Design/Logic Flaw
The create method in app/controllers/userscontroller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role...
Path for daily backup is configurable through WEB UI
It is possible to set the daily backup path and partial name through the web UI. This could mean that information can be obtained by a rogue admin. This issue addresses that by introducing a flag so concerned administrators can remove this feature. This flag is set to false by default, meaning it ...