2475 matches found
CVE-2026-27484
OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the Discord moderation action handling (timeout, kick, ban) uses sender identity from request parameters in tool-driven flows, instead of trusted runtime sender context. In setups where Discord moderation actions are enabled and...
CVE-2025-12757
An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to...
CVE-2025-11547
AXIS Camera Station Pro contained a flaw that allowed a non-admin user to perform a privilege escalation attack on the server...
CVE-2025-12063
An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions...
CVE-2025-12757
The CVE-2025-12757 entry concerns Axis Camera Station Pro where a feature allows a non-admin user to view information they are not permitted to access. Metrics show CVSS 3.1 base score 4.6 (Medium), with an Adjacent attack vector, Low privileges required, No user interaction, and Confidentiality/...
CVE-2025-11547
AXIS Camera Station Pro is affected by a local-privilege-escalation vulnerability where a non-admin user can escalate privileges on the server. The issue, as described, has a HIGH impact on confidentiality, integrity, and availability, with CVSS 3.1 metrics indicating local attack, low complexity...
CVE-2026-24325
SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to a Stored Cross-Site Scripting (XSS) vulnerability. This enables an admin user to inject malicious JavaScript into a website, and the injected script gets executed when the user visits the compromised page. Th...
PT-2026-7233
An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions...
PT-2026-7229
Name of the Vulnerable Software and Affected Versions: AXIS Camera Station Pro (affected versions not specified). Description: AXIS Camera Station Pro contains a flaw that allows a non-administrative user to perform a privilege escalation attack on the server. Recommendations: At the moment, there is n...
CVE-2020-37079
Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft a malicious HTML page with a hidden form to submit a request that deletes the administrative user...
CVE-2020-37160 SprintWork 2.3.1 - Local Privilege Escalation
SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing executable files and weak service configurations to create a new administrative user and gain...
CVE-2020-37160
SprintWork 2.3.1 is affected by local privilege escalation due to insecure file, service, and folder permissions on Windows. Affected component: SprintWork executable/related services that allow creation of a new administrative user, leading to full system compromise. Root cause identified as ins...