6 matches found
CVE-2026-57520 Bitwarden Server < 2026.5.0 Privilege Escalation via Bulk User Remove Endpoint
Bitwarden Server before 2026.5.0 contains a privilege escalation vulnerability that allows authenticated Custom users with ManageUsers permission to remove Admin accounts from an organization by exploiting a missing role hierarchy check in the bulk user-remove endpoint. Attackers can supply Admin...
PT-2026-52574
Name of the Vulnerable Software and Affected Versions Bitwarden Server versions prior to 2026.5.0 Description An issue exists where authenticated Custom users with the ManageUsers permission can escalate privileges to remove Admin accounts from an organization. This occurs due to a missing role...
CVE-2026-8350 Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulk_user_assignment.php which can lead to privilege escalation to Administrative Group
Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulkuserassignment.php which can lead to privilege escalation to Administrative Group. Any authenticated user with access to the bulk user assignment dashboard page can add any user email to any group and can remove...
EUVD-2024-49924
Malicious code in bioql PyPI...
Eyes of Network Web 跨站请求伪造漏洞
Eyes of Network Web is a global regulatory solution for hardware status of devices, operating systems, standard applications, business applications and performance from the Eyes of Network Web community. A security vulnerability exists in Eyes of Network Web version 5.3, which stems from a lack o...
UCenter存在多处CSRF(可备份数据、删除应用、删除管理员等)
简要描述: UCenter存在多处CSRF(可备份数据、删除应用、删除管理员等) 详细说明: UCenter有很多处没有判断formhash啊……都可以CSRF…… 漏洞证明: 1 删除应用 formhash为空,成功提交 2 删除管理员 formhash为空,成功删除 3 备份数据 无formhash,目录名可控 img src="https://images.seebug.org/upload/201410/041241325af3f4ef84e017e7a80...