
2475 matches found

CVE
added 2024/08/22 3:17 p.m. | 42 views

CVE-2024-40884

Mattermost Server 9.5.x (up to 9.5.7) and 9.10.x (up to 9.10.0) are affected by an improper access control issue that allows a team admin user without the Add Team Members permission to disable the invite URL. The issue is caused by insufficient enforcement of permissions (no explicit access cont...

CVSS 2.7 | AI score 6.8 | EPSS 0.0039
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2024/08/21 2:17 p.m. | 27 views

GO-2023-2025 Netmaker Vulnerable to Privilege Escalation From Non Admin To Admin User in github.com/gravitl/netmaker

Netmaker Vulnerable to Privilege Escalation From Non Admin To Admin User in github.com/gravitl/netmaker...

CVSS 8.8 | AI score 8.6 | EPSS 0.00711
Exploits: 0 | References: 2
Packet Storm
added 2024/08/21 12:0 a.m. | 269 views

Multi-Vendor Online Groceries Management System 1.0 Cross Site Request Forgery

Title : Multi-Vendor Online Groceries Management System 1.0 CSRF Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozill...

AI score 7.4
Exploits: 0
OSV
added 2024/08/12 1:38 p.m. | 3 views

CVE-2024-7661

A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been classified as problematic. This affects the function saveusers of the file admin/user/index.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely...

CVSS 8.8 | AI score 4.7 | EPSS 0.00425
Exploits: 1 | References: 4
AlpineLinux
added 2024/08/12 1:38 p.m. | 18 views

CVE-2024-22121

A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application...

CVSS 6.1 | AI score 7.3 | EPSS 0.00233
Exploits: 0
NVD
added 2024/08/12 1:38 p.m. | 19 views

CVE-2024-22121

A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application...

CVSS 6.1 | EPSS 0.00233
Exploits: 0 | References: 1
OSV
added 2024/08/12 1:38 p.m. | 0 views

UBUNTU-CVE-2024-22121

A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application...

CVSS 6.1 | AI score 5.8 | EPSS 0.00233
Exploits: 0 | References: 3
CNNVD
added 2024/08/12 12:0 a.m. | 3 views

Zabbix Security Vulnerability

Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring. A security vulnerability exists in Zabbix versions 5.0.42, 6.0.30, 6.4.15, and 7.0.0rc2 that originates from the ability of a...

CVSS 6.1 | AI score 6.3 | EPSS 0.00233
Exploits: 0 | References: 2
UbuntuCve
added 2024/08/12 12:0 a.m. | 15 views

CVE-2024-22121

A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application...

CVSS 6.1 | AI score 5.8 | EPSS 0.00233
Exploits: 0 | References: 2
Vulnrichment
added 2024/08/09 8:34 a.m. | 27 views

CVE-2024-22121 Zabbix Agent MSI Installer Allows Non-Admin User to Access Change Option via msiexec.exe

A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application...

CVSS 6.1 | AI score 7.2 | EPSS 0.00233
Exploits: 0 | References: 1
CVE
added 2024/08/09 8:34 a.m. | 66 views

CVE-2024-22121

Technical details about CVE-2024-22121 are not publicly provided in the connected documents. Descriptions only state that a non-admin user can modify Zabbix Agent features. Monitor for updates from vendors and advisories.

CVSS 6.1 | AI score 6.3 | EPSS 0.00233
Exploits: 0 | References: 1 | Affected Software: 1
Redos
added 2024/08/07 12:0 a.m. | 28 views

ROS-20240807-05

A vulnerability in the PostPolicyBucket component of the MinIO object storage server is related to errors in privilege management. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by sending specially crafted HTTP...

CVSS 8.8 | AI score 7.1 | EPSS 0.83957
Exploits: 14
OSV
added 2024/08/06 12:15 p.m. | 4 views

CVE-2024-33964

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/admin/modusers/index.php'...

CVSS 7.5 | AI score 5.8 | EPSS 0.00454
Exploits: 0 | References: 1
OSV
added 2024/08/06 11:16 a.m. | 1 views

CVE-2024-33976

Cross-Site Scripting XSS vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via 'id' parameter in '/admin/user/index.php'...

CVSS 6.1 | AI score 5.8 | EPSS 0.00262
Exploits: 0 | References: 1
NVD
added 2024/08/06 11:16 a.m. | 19 views

CVE-2024-33976

Cross-Site Scripting XSS vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via 'id' parameter in '/admin/user/index.php'...

CVSS 7.1 | EPSS 0.00262
Exploits: 0 | References: 1
CNNVD
added 2024/08/06 12:0 a.m. | 2 views

Young Entrepreneur E-Negosyo System Cross-Site Scripting Vulnerability

Young Entrepreneur E-Negosyo System is an application by the individual developer janobe. A cross-site scripting vulnerability exists in Young Entrepreneur E-Negosyo System version 1.0. An attacker can use this vulnerability to send a specially crafted JavaScript payload to a use...

CVSS 7.1 | AI score 6.1 | EPSS 0.00262
Exploits: 0 | References: 2
NVD
added 2024/08/05 8:15 p.m. | 21 views

CVE-2024-41960

mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is executed whenever the configuration page is viewed, enabling the attacker to execute arbitrary scrip...

CVSS 4.8 | EPSS 0.00308
Exploits: 0 | References: 2
Vulnrichment
added 2024/07/13 6:0 a.m. | 9 views

CVE-2024-4977 Index WP MySQL For Speed < 1.4.18 - Admin+ Reflected XSS

The Index WP MySQL For Speed WordPress plugin before 1.4.18 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

AI score 6.1 | EPSS 0.00499
Exploits: 1 | References: 1
PyPA
added 2024/07/11 4:15 p.m. | 6 views

PYSEC-2024-86

Wagtail is an open source content management system built on Django. A bug in Wagtail's `parse_query_string` would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, `parse_query_string` would take an unexpectedl...

CVSS 6.5 | AI score 6.8 | EPSS 0.0061
Exploits: 0 | References: 4 | Affected Software: 1
Vulnrichment
added 2024/07/11 3:23 p.m. | 14 views

CVE-2024-39317 Wagtail regular expression denial-of-service via search query parsing

Wagtail is an open source content management system built on Django. A bug in Wagtail's `parse_query_string` would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, `parse_query_string` would take an unexpectedl...

CVSS 6.5 | AI score 6.8 | EPSS 0.0061
Exploits: 0 | References: 4