CVE-2026-41657
Admidio is an open-source user management solution. Prior to version 5.0.9, the contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring...
CVE-2026-3519
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command...
EUVD-2016-1737
Malware in sbrugna...
EUVD-2020-25932
Malware in sbrugna...
EUVD-2018-17010
Malware in sbrugna...
EUVD-2020-17731
Malware in sbrugna...
EUVD-2017-3023
Malware in sbrugna...
EUVD-2018-1449
Malware in sbrugna...
CVE-2025-29926
CVE-2025-29926 affects XWiki Platform via the WikiManager REST API. In affected releases before fixes, any user could create a new wiki, potentially granting the user administrator privileges and enabling further farm-wide attacks. The REST API is not included in XWiki Standard by default and mus...
CVE-2023-28852
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 9.5.13 and 10.0.7, a user with dashboard administration rights may hack the dashboard form to store malicious code that will be executed when other users will use the related dashboard. Versio...
GHSA-GX6H-936C-VRRR Cross site scripting in registration template in xwiki-platform
Impact: We found a possible XSS vector in the registerinline.vm template related to the xredirect hidden field. This template is only used in the following conditions: - the wiki must be open to registration for anyone - the wiki must be closed to view for Guest users more specifically the...
Cross site scripting
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross site scripting (XSS) vector in the registerinline.vm template related to the xredirect hidden field. This template is only used in the following conditions:...
CVE-2022-23622 Cross site scripting in registration template in xwiki-platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross site scripting (XSS) vector in the registerinline.vm template related to the xredirect hidden field. This template is only used in the following conditions:...
CVE-2022-23622
XWiki Platform contains an XSS vulnerability (CVE-2022-23622) in the registerinline.vm template associated with the xredirect hidden field. Exploitation requires the wiki to be open to registration and the XWiki.Registration page to be forbidden for guests (or equivalent rights); administrators e...
Steam Gaming Platform Hosting Malware
UPDATE Look out for SteamHide, an emerging malware that disguises itself inside profile images on the gaming platform Steam, which researchers think is being developed for a wide-scale campaign. The Steam platform merely serves as a vehicle which hosts the malicious file, according to research fr...
CVE-2020-4685
A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos...
LY Corporation: Able to Become Admin for Any LINE Official Account
The reporter found an issue where abusing an IDOR would allow for an attacker to become an administrator of any LINE Official Account. This was due to an issue where the group ID could be extracted and/or easily guessed, combined with lack of authentication, leading to being able to craft a reque...
Design/Logic Flaw
The administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights to execute arbitrary code via a JNDI injection...
CVE-2017-18108
The administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights to execute arbitrary code via a JNDI injection...