91 matches found
CVE-2026-33390
An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...
CVE-2026-33390
Summary: CVE-2026-33390 affects Arc sensors’ synchronization in Guardian/CMC prior to version 26.2.0. The root cause is an incorrect privilege assignment where Arc sensors receive CLI permissions during sync, allowing an authenticated user with limited privileges to issue administrative CLI comma...
CVE-2026-33390
An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...
CVE-2026-40502
OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. Attackers can...
EUVD-2026-23141
OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. Attackers can...
CVE-2026-40502
OpenHarness (before commit dd1d235) contains a remote command-injection in the gateway handler that lets remote gateway users with chat access execute administrative commands (e.g., /permissions full_auto) to alter a running instance without operator authorization. The CVSS metrics indicate a net...
CVE-2023-54340 WorkOrder CMS 0.1.0 - SQL Injection
WorkOrder CMS 0.1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login by manipulating username and password parameters. Attackers can inject malicious SQL queries using techniques like OR '1'='1' and stacked queries to access database information or...
CVE-2025-3719
An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can issue administrative CLI commands, altering the device configuration, and/o...
CVE-2025-3719 Incorrect authorization for CLI in Guardian/CMC before 25.2.0
An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can issue administrative CLI commands, altering the device configuration, and/o...
EUVD-2016-10303
Malware in sbrugna...
EUVD-2022-48187
Malicious code in bioql PyPI...
EUVD-2023-32591
Malicious code in bioql PyPI...
EUVD-2025-21715
Malicious code in bioql PyPI...
EUVD-2023-37606
Malicious code in bioql PyPI...
EUVD-2021-8688
Malicious code in bioql PyPI...
CVE-2025-53943
VoidBot Open-Source is a customizable Discord bot. VoidBot Open-Source versions 0.0.1 through 0.8.1 contain a vulnerability in the command handler where permission checks are not properly enforced for certain administrative commands. This allows users without the required roles or privileges to...
CVE-2025-53943 VoidBot Open-Source Has Improper Permission Check That Allows Unauthorized Command Execution
VoidBot Open-Source is a customizable Discord bot. VoidBot Open-Source versions 0.0.1 through 0.8.1 contain a vulnerability in the command handler where permission checks are not properly enforced for certain administrative commands. This allows users without the required roles or privileges to...
CVE-2025-53943
VoidBot Open-Source (Discord bot) versions 0.0.1–0.8.1 have a vulnerability in the command handler where permission checks are not properly enforced, allowing users without required roles/privileges to execute sensitive admin commands (ban, kick, shutdown). The root cause is insufficient access c...
CVE-2025-53943 VoidBot Open-Source Has Improper Permission Check That Allows Unauthorized Command Execution
VoidBot Open-Source is a customizable Discord bot. VoidBot Open-Source versions 0.0.1 through 0.8.1 contain a vulnerability in the command handler where permission checks are not properly enforced for certain administrative commands. This allows users without the required roles or privileges to...
CVE-2022-45287
An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to escalate privileges and perform arbitrary Administrative commands...