88 matches found
CVE-2026-40502
OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. Attackers can...
EUVD-2026-23141
OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. Attackers can...
CVE-2026-40502
OpenHarness (before commit dd1d235) contains a remote command-injection in the gateway handler that lets remote gateway users with chat access execute administrative commands (e.g., /permissions full_auto) to alter a running instance without operator authorization. The CVSS metrics indicate a net...
CVE-2023-54340
WorkOrder CMS 0.1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login by manipulating username and password parameters. Attackers can inject malicious SQL queries using techniques like OR '1'='1' and stacked queries to access database information or...
CVE-2025-3719
An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can issue administrative CLI commands, altering the device configuration, and/o...
CVE-2025-3719 Incorrect authorization for CLI in Guardian/CMC before 25.2.0
An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can issue administrative CLI commands, altering the device configuration, and/o...
EUVD-2016-10303
Malware in sbrugna...
EUVD-2023-32591
Malicious code in bioql PyPI...
EUVD-2021-8688
Malicious code in bioql PyPI...
EUVD-2022-48187
Malicious code in bioql PyPI...
EUVD-2025-21715
Malicious code in bioql PyPI...
EUVD-2023-37606
Malicious code in bioql PyPI...
CVE-2025-53943
VoidBot Open-Source is a customizable Discord bot. VoidBot Open-Source versions 0.0.1 through 0.8.1 contain a vulnerability in the command handler where permission checks are not properly enforced for certain administrative commands. This allows users without the required roles or privileges to...
CVE-2025-53943 VoidBot Open-Source Has Improper Permission Check That Allows Unauthorized Command Execution
VoidBot Open-Source is a customizable Discord bot. VoidBot Open-Source versions 0.0.1 through 0.8.1 contain a vulnerability in the command handler where permission checks are not properly enforced for certain administrative commands. This allows users without the required roles or privileges to...
CVE-2025-53943
VoidBot Open-Source (Discord bot) versions 0.0.1–0.8.1 have a vulnerability in the command handler where permission checks are not properly enforced, allowing users without required roles/privileges to execute sensitive admin commands (ban, kick, shutdown). The root cause is insufficient access c...
CVE-2022-45287
An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to escalate privileges and perform arbitrary Administrative commands...
CVE-2021-21382
Restund is an open source NAT traversal server. The restund TURN server can be instructed to open a relay to the loopback address range. This allows you to reach any other service running on localhost which you might consider private. In the configuration that we ship...
WatchGuard Authentication Gateway Security Vulnerability
WatchGuard Authentication Gateway WatchGuard Single Sign-On Agent is an authentication gateway from WatchGuard USA. A security vulnerability exists in WatchGuard Authentication Gateway version 12.10.2 and earlier, which stems from improper authorization checking and allows an attacker with networ...
PT-2023-26176 · Unknown · Cryptomator
Name of the Vulnerable Software and Affected Versions: Cryptomator versions prior to 1.9.2 Description: The issue affects data encryption software for cloud storage, allowing local privilege escalation for low-privileged users if the software is already installed. This occurs because the repair...