14 matches found
Craft CMS 5.9.x < 5.9.11 Stored XSS (GHSA-3x4w-mxpf-fhqq)
The version of Craft CMS installed on the remote host is 5.9.x prior to 5.9.11. It is, therefore, affected by a cross-site scripting vulnerability: - The revision/draft context menu in the element editor renders the creator's fullName as raw HTML due to the use of Template::raw combined with...
Craft CMS Vulnerable to Stored XSS in Revision Context Menu
The revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user (e.g., Author) can set their fullName to an XSS payload via the profile editor, then crea...
CVE-2025-12158
The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the sucsubmitcapabilities function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to elevate the role of any user account t...
EUVD-2024-40455
Malicious code in bioql PyPI...
Microsoft SQL Server 2016 / 2017 / 2019 / 2022 Privilege Escalation
Microsoft SQL Server versions 2016, 2017, 2019, and 2022 suffer from a database privilege escalation vulnerability from ALTER ANY LOGIN To SYSADMIN. Title: MSSQL Database Privilege Elevation From ALTER ANY LOGIN To SYSADMIN Product: Microsoft SQL Server Vendor: Microsoft Affected Versions: SQL...
Alert Enterprise Guardian Security Vulnerability
Alert Enterprise Guardian is a physical identity and access management system open-sourced by Alert Enterprise in the United States. A security vulnerability exists in Alert Enterprise Guardian version 4.1.14.2.2.1, which originates from elevation to administrator privileges via the IsAdminApprov...
Security update for slurm_23_02
This update for slurm_23_02 fixes the following issues: CVE-2025-43904: an issue with permission handling for Coordinators within the accounting system allowed Coordinators to promote a user to Administrator bsc1243666. Patch Instructions: To install this SUSE update use the SUSE recommended...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 9.5.x through 9.5.3 and 8.1.x through 8.1.12, which stems from the presence of an issue where a team administrator can promote a guest to a team...
Input validation
Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator...
VMware Thinapp Code Issue Vulnerability
VMware Thinapp is a suite of application virtualization and portable application creators from VMware (USA) that packages regular applications to make them portable. A code issue vulnerability exists in VMware Thinapp: versions prior to 5.2.10 contain a DLL hijacking...
CVE-2019-17201
FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. When a user requests elevation using the AdminByRequest.exe interface, the interface communicates with the underlying service...
PT-2020-9881 · Fasttrack · Fasttrack Admin By Request
Name of the Vulnerable Software and Affected Versions: FastTrack Admin By Request version 6.1.0.0 Description: The issue concerns the elevation of privileges to Administrator level. Normally, group policies restrict this ability to a select range of users. However, when a user without direct acce...
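Mao10cms latest version allows enumerating all user ids, enabling CSRF to promote oneself to administrator
Brief description: The latest version of Mao10cms allows enumerating all user ids, enabling CSRF to promote oneself to administrator. The tested version is the latest official release, Mao10CMS V3.3.4. Detailed description: Having seen this WooYun entry, "Mao10cms latest version has a CSRF privilege bypass that makes the administrator publish articles", I'll contribute a CSRF of my own. It is easy to carry out: send the administrator a site message or leave a comment saying that your product or website has a problem and asking for help. The helpful administrator then clicks the link. To promote yourself to administrator, you first need to know your own id; in mao10cms you can obtain your own id this way, and you can also enumerate the usernames and ids of all users (including administrators) without logging in...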
nt.ie5.scheduler.txt
Subject: Windows NT Task Scheduler vulnerability allows user to administrator elevation Date: Thu Dec 02 1999 00:00:50 Author: Arne Vidstrom Hi all, We've found a vulnerability that the installation of Internet Explorer 5 introduces in Windows NT through the Task Scheduler service. This...