
32 matches found

RedHat Linux · added 3 days ago · 4 views

foreman: Foreman: Privilege escalation to administrator-level access via usergroup role assignment manipulation

A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and th...

CVSS 8.8 · AI score 5.8 · EPSS 0.00302 · Exploits 0 · References 4
Cvelist · added 2026/03/04 5:03 p.m. · 27 views

CVE-2026-20001 Cisco Secure Firewall Management Center Software SQL Injection Vulnerabilities

A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...

CVSS 6.5 · EPSS 0.00324 · Exploits 0 · References 1
Cvelist · added 2025/12/02 9:11 p.m. · 9 views

CVE-2025-62575 Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource

NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts have the sysadmin role by default. This can lead to remote code execution through the use of certain built-in stored procedures...

CVSS 8.7 · EPSS 0.00367 · Exploits 0 · References 1
EUVD · added 2025/10/07 12:30 a.m. · 5 views

EUVD-2018-0083

Malware in sbrugna...

CVSS 7.2 · AI score 6.6 · EPSS 0.02106 · Exploits 1 · References 22
RedhatCVE · added 2025/05/23 2:07 a.m. · 6 views

CVE-2023-6538

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access the SMU configuration backup, which would normally be barred to those specific...

CVSS 7.6 · AI score 6.5 · EPSS 0.01583 · Exploits 5 · References 1
Positive Technologies · added 2024/10/22 12:00 a.m. · 8 views

PT-2024-27 · Unknown · Pt Sandbox +1

Name of the Vulnerable Software and Affected Versions: PT MultiScanner and PT Sandbox (affected versions not specified)
Description: The issue is related to the lack of protection for the web page structure in PT MultiScanner and PT Sandbox. This could allow a remote attacker to execute JavaScript...

CVSS 9 · AI score 7.3 · Exploits 0 · References 4
Prion · added 2024/02/08 11:15 p.m. · 28 views

Design/Logic Flaw

OpenObserve is an observability platform built specifically for logs, metrics, traces and analytics, designed to work at petabyte scale. A vulnerability has been identified in the "/api/orgid/users" endpoint. This vulnerability allows any authenticated regular user 'member' to add new users with...

CVSS 6.5 · AI score 7.3 · EPSS 0.00716 · Exploits 1 · References 1 · Affected Software 1
Cvelist · added 2024/02/08 11:09 p.m. · 42 views

CVE-2024-24830 OpenObserve Privilege Escalation Vulnerability in Users API

OpenObserve is an observability platform built specifically for logs, metrics, traces and analytics, designed to work at petabyte scale. A vulnerability has been identified in the "/api/orgid/users" endpoint. This vulnerability allows any authenticated regular user 'member' to add new users with...

CVSS 9.9 · AI score 9.5 · EPSS 0.00716 · Exploits 1 · References 1
NVD · added 2023/12/11 6:15 p.m. · 23 views

CVE-2023-6538

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access the SMU configuration backup, which would normally be barred to those specific...

CVSS 7.6 · EPSS 0.01583 · Exploits 5 · References 1
Prion · added 2023/12/11 6:15 p.m. · 20 views

Information disclosure

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access the SMU configuration backup, which would normally be barred to those specific...

CVSS 4 · AI score 6.8 · EPSS 0.01583 · Exploits 5 · References 1 · Affected Software 1
SUSE CVE · added 2023/07/14 2:04 a.m. · 4 views

SUSE CVE-2023-29449

JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles Admin and Superadmin. Administrative privileges should be typically granted ...

CVSS 5.9 · AI score 6.9 · EPSS 0.00992 · Exploits 0 · References 3
OSV · added 2023/07/13 9:15 a.m. · 31 views

CVE-2023-29449

JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles Admin and Superadmin. Administrative privileges should be typically granted ...

CVSS 4.9 · AI score 7.1 · Exploits 0 · References 2
NVD · added 2023/07/13 9:15 a.m. · 25 views

CVE-2023-29449

JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles Admin and Superadmin. Administrative privileges should be typically granted ...

CVSS 5.9 · EPSS 0.00992 · Exploits 0 · References 2
UbuntuCve · added 2023/07/13 9:15 a.m. · 29 views

CVE-2023-29449

JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles Admin and Superadmin. Administrative privileges should be typically granted ...

CVSS 5.9 · AI score 6 · EPSS 0.00992 · Exploits 0 · References 2
Prion · added 2023/07/13 9:15 a.m. · 25 views

Code injection

JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles Admin and Superadmin. Administrative privileges should be typically granted ...

CVSS 3.3 · AI score 5.1 · EPSS 0.00992 · Exploits 0 · References 1 · Affected Software 1
Cvelist · added 2023/07/13 8:24 a.m. · 40 views

CVE-2023-29449 Limited control of resource utilization in JS preprocessing

JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles Admin and Superadmin. Administrative privileges should be typically granted ...

CVSS 5.9 · AI score 6 · EPSS 0.00992 · Exploits 0 · References 1
CVE · added 2023/07/13 8:24 a.m. · 85 views

CVE-2023-29449

CVE-2023-29449 affects Zabbix frontend components related to JavaScript preprocessing, webhooks and global scripts. The issue is described as causing uncontrolled CPU, memory, and disk I/O utilization when these features are configured or tested, with access restricted to Administrative roles (Ad...

CVSS 5.9 · AI score 5.6 · EPSS 0.00992 · Exploits 0 · References 2 · Affected Software 1
Debian CVE · added 2023/07/13 8:24 a.m. · 23 views

CVE-2023-29449

JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles Admin and Superadmin. Administrative privileges should be typically granted ...

CVSS 5.9 · AI score 5.2 · EPSS 0.00992 · Exploits 0
Veracode · added 2022/07/26 3:27 a.m. · 23 views

Authorization Bypass

drupal7 is vulnerable to authorization bypass. An attacker with access to an HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signature, impersonating existing users and existing roles, including administrative users/roles...

CVSS 9.8 · AI score 8.5 · EPSS 0.00545 · Exploits 0 · References 4 · Affected Software 1
OSV · added 2022/05/13 1:07 a.m. · 8 views

GHSA-J36M-HV43-7W7M OpenStack Identity service (keystone) Incorrect Authorization

An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service keystone. An authenticated federated user could request permissions to a project and unintentionally be granted all related roles, including administrative roles...

CVSS 8.6 · AI score 6.7 · EPSS 0.02106 · Exploits 1 · References 13