15 matches found
CVE-2026-41662
Admidio suffers a Missing Minimum Administrator Check in Role::stopMembership(), before 5.0.9. The code path removes a member from the administrator role without verifying that at least one admin remains; with two admins, sequential removals can leave zero admins, locking out administrative acces...
Admidio Missing Minimum Administrator Check in Role Membership Removal
Summary: Role::stopMembership does not verify whether removing a user from the administrator role leaves zero administrators. The deprecated Membership::stopMembership contains this safety check, but the current code path bypasses it. Any administrator can remove the last remaining other...
Admidio's Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated User to Delete Items
Summary: The Admidio inventory module enforces authorization for destructive operations (delete, retire, reinstate) only in the UI layer by conditionally rendering buttons. The backend POST handlers at modules/inventory.php for itemdelete, itemretire, itemreinstate, itempictureupload, itempicturesav...
EUVD-2015-1312
Malware in sbrugna...
CVE-2025-6318
A vulnerability classified as critical was found in PHPGurukul Pre-School Enrollment System 1.0. This vulnerability affects unknown code of the file /admin/checkavailability.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit ha...
PYSEC-2025-96
An incorrect authorization vulnerability exists in gaizhenbiao/chuanhuchatgpt version git c91dbfc. The vulnerability allows any user to restart the server at will, leading to a complete loss of availability. The issue arises because the function responsible for restarting the server is not proper...
CVE-2024-50702
Summary: CVE-2024-50702 affects TeamPass prior to 3.1.3.1. The vulnerability arises from improper authorization checks in the mail_me/action_mail operation, allowing an unauthorized actor to perform actions intended for administrators or managers. Documents consistently describe this as an author...
CVE-2020-36714
The Brizy plugin for WordPress is vulnerable to authorization bypass due to an incorrect capability check on the isadministrator function in versions up to, and including, 1.0.125. This makes it possible for authenticated attackers to access and interact with available AJAX functions...
PT-2023-11856 · WordPress · Brizy
Name of the Vulnerable Software and Affected Versions: Brizy plugin for WordPress versions up to, and including, 1.0.125. Description: The issue is related to an incorrect capability check on the is administrator function, which allows authenticated attackers to bypass authorization and access...
WordPress Plugin Brizy Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
PrivateUploader License Issue Vulnerability
PrivateUploader is the ultimate open source image uploader and file storage solution. An authorization issue vulnerability exists in versions prior to PrivateUploader 3.2.49, which stems from not properly validating whether a user is an administrator (high level) or a moderator (low level), causing...
SUSE CVE-2015-1170
The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 before 345.20, and R346 before 347.52 does not properly validate local client impersonation levels when performing a "kernel administrator check," which allows local users to gain administrator privileges via unspecified API...
VulnCheck KEV: CVE-2020-36714
The Brizy plugin for WordPress is vulnerable to authorization bypass due to an incorrect capability check on the isadministrator function in versions up to, and including, 1.0.125. This makes it possible for authenticated attackers to access and interact with available AJAX functions...
NVIDIA Graphics Driver Local Privilege Escalation
The remote Windows host has a driver installed that is affected by a privilege escalation vulnerability due to a failure to properly validate local client impersonation levels when performing a kernel administrator check. A local attacker can exploit this issue, via unspecified API calls, to gain...
Code injection
The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 before 345.20, and R346 before 347.52 does not properly validate local client impersonation levels when performing a "kernel administrator check," which allows local users to gain administrator privileges via unspecified API...