
42 matches found

CVE
added 2026/05/12 2:31 p.m., 3 views

CVE-2026-8110

CVE-2026-8110 affects the Ivanti Endpoint Manager agent prior to 2024 SU6. The issue is an incorrect permissions assignment in the agent that allows a local authenticated attacker to escalate privileges (local, low complexity, no user interaction). The impact is elevated confidentiality, integrit...

CVSS 7.8, AI score 5.8, EPSS 0.00026
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2026/05/12 12:00 a.m., 3 views

Ivanti Endpoint Manager Security Vulnerability

Ivanti Endpoint Manager (EPM) is a set of endpoint security managers developed by the American company Ivanti. Versions of Ivanti Endpoint Manager prior to EPM 2024 SU6 contained security vulnerabilities. These vulnerabilities were due to improper delegation of permissions by agents, which could...

CVSS 7.8, AI score 5.8, EPSS 0.00026
Exploits: 0, References: 1

NVD
added 2026/04/08 12:16 p.m., 0 views

CVE-2026-28264

Dell PowerProtect Agent Service, versions prior to 20.1, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure...

CVSS 5.5, EPSS 0.00006
Exploits: 0, References: 1

The Hacker News
added 2026/03/31 1:09 p.m., 3 views

Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts

Cybersecurity researchers have disclosed a security "blind spot" in Google Cloud's Vertex AI platform that could allow artificial intelligence (AI) agents to be weaponized by an attacker to gain unauthorized access to sensitive data and compromise an organization's cloud environment. According to...

AI score 6.2
Exploits: 0

Github Security Blog
added 2026/02/18 3:31 p.m., 3 views

Jenkins has a stored XSS vulnerability in node offline cause description

Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure or...

CVSS 8, AI score 5.1, EPSS 0.00073
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2026/02/18 3:18 p.m., 4 views

CVE-2026-27099

Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure or...

CVSS 8, AI score 5.1
Exploits: 0, References: 1

Vulnrichment
added 2026/02/18 2:17 p.m., 2 views

CVE-2026-27099

Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure or...

AI score 5.1, EPSS 0.00073
Exploits: 0, References: 1

AlpineLinux
added 2026/02/18 2:17 p.m., 1 view

CVE-2026-27099

Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure or...

CVSS 8, AI score 5.1, EPSS 0.00073
Exploits: 0, References: 1

Positive Technologies
added 2026/02/18 12:00 a.m., 1 view

PT-2026-20433

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.483 through 2.550; Jenkins LTS versions 2.492.1 through 2.541.1. Description: The application does not properly sanitize user-supplied data within the description field of the "Mark temporarily offline" functionality. This can...

CVSS 8.3, AI score 5, EPSS 0.00073
Exploits: 0, References: 25

RedhatCVE
added 2026/01/09 10:18 a.m., 2 views

CVE-2019-18179

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn'...

CVSS 4.3, AI score 6.6, EPSS 0.00403
Exploits: 0, References: 1

NVD
added 2026/01/07 9:15 p.m., 2 views

CVE-2025-69221

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when querying agent permissions. An authenticated attacker can read the permissions of arbitrary agents, even if they have no permissions for this agent. LibreChat allows the...

CVSS 4.3, EPSS 0.00039
Exploits: 1, References: 3

Cvelist
added 2026/01/07 9:01 p.m., 20 views

CVE-2025-69221 LibreChat has Insufficient Access Control for Agent Permission Queries

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when querying agent permissions. An authenticated attacker can read the permissions of arbitrary agents, even if they have no permissions for this agent. LibreChat allows the...

CVSS 4.3, EPSS 0.00039
Exploits: 1, References: 3

CVE
added 2026/01/07 9:01 p.m., 6 views

CVE-2025-69221

CVE-2025-69221 concerns LibreChat, a ChatGPT clone. In version 0.8.1-rc2, access control when querying agent permissions is insufficient: an authenticated attacker can read permissions for arbitrary agents, including permissions assigned to other users, even when they lack rights for that agent. ...

CVSS 4.3, AI score 6.3, EPSS 0.00039
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2026/01/07 9:01 p.m., 1 view

CVE-2025-69221 LibreChat has Insufficient Access Control for Agent Permission Queries

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when querying agent permissions. An authenticated attacker can read the permissions of arbitrary agents, even if they have no permissions for this agent. LibreChat allows the...

CVSS 4.3, AI score 6.6, EPSS 0.00039
Exploits: 1, References: 5

Vulnrichment
added 2026/01/07 9:01 p.m., 3 views

CVE-2025-69221 LibreChat has Insufficient Access Control for Agent Permission Queries

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when querying agent permissions. An authenticated attacker can read the permissions of arbitrary agents, even if they have no permissions for this agent. LibreChat allows the...

CVSS 4.3, AI score 6.3, EPSS 0.00039
Exploits: 1, References: 3

EUVD
added 2026/01/07 9:01 p.m., 2 views

EUVD-2025-206263

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when querying agent permissions. An authenticated attacker can read the permissions of arbitrary agents, even if they have no permissions for this agent. LibreChat allows the...

CVSS 4.3, AI score 6.2, EPSS 0.00039
Exploits: 1, References: 3

Positive Technologies
added 2026/01/07 12:00 a.m., 2 views

PT-2026-1933

Name of the Vulnerable Software and Affected Versions: LibreChat versions prior to 0.8.2-rc2. Description: LibreChat, a ChatGPT clone with additional features, does not properly enforce access control when querying agent permissions in version 0.8.1-rc2. An authenticated attacker can read the...

CVSS 4.3, AI score 6.6, EPSS 0.00039
Exploits: 1, References: 5

EUVD
added 2025/11/11 6:30 p.m., 1 view

EUVD-2025-84339

Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk...

CVSS 7.1, AI score 6.3, EPSS 0.00059
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2019-2128

Malware in sbrugna...

CVSS 5.4, AI score 4.8, EPSS 0.00378
Exploits: 0, References: 6

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2021-22729

Malware in sbrugna...

CVSS 4.3, AI score 4.9, EPSS 0.00115
Exploits: 0, References: 2