24 matches found

Tenable Nessus
added 2026/05/04 12:0 a.m. · 7 views

RHCOS 4 : Red Hat build of MicroShift 4.14.0 (RHSA-2023:5008)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5008 advisory. - kube-apiserver: PrivEsc CVE-2023-1260 - kube-apiserver: Bypassing policies imposed by the ImagePolicyWebhook admission plugin...

8 CVSS · 6.8 AI score · 0.02157 EPSS
Exploits 1 · References 61

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2022-2979

Malicious code in bioql PyPI...

9 CVSS · 8.7 AI score · 0.01063 EPSS
Exploits 1 · References 4

CVE
added 2025/06/10 11:7 p.m. · 91 views

CVE-2025-47849

CVE-2025-47849 (Apache CloudStack) : Privilege escalation affects CloudStack versions 4.10.0.0 through 4.20.0.0. A malicious Domain Admin in the ROOT domain can obtain the API key and secret key of Admin-role accounts in the same domain, enabling impersonation and access to sensitive APIs and res...

8.8 CVSS · 6.9 AI score · 0.00488 EPSS
Exploits 0 · References 3 · Affected Software 1

Tenable Nessus
added 2025/04/05 12:0 a.m. · 8 views

FreeBSD : Mozilla -- privilege scalation attack (ea51e89a-116c-11f0-8b2c-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ea51e89a-116c-11f0-8b2c-b42e991fc52e advisory. [email protected] reports: The WebChannel API, which is used to transport various information across...

5.4 CVSS · 7.3 AI score · 0.00593 EPSS
Exploits 0 · References 3

RedhatCVE
added 2025/02/05 10:56 p.m. · 9 views

CVE-2022-1397

API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover...

9 CVSS · 6.7 AI score · 0.01063 EPSS
Exploits 1 · References 1

NVD
added 2025/01/22 5:15 p.m. · 22 views

CVE-2025-20156

A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could...

9.9 CVSS · 0.01159 EPSS
Exploits 0 · References 3

NVD
added 2024/12/11 4:15 p.m. · 28 views

CVE-2024-47758

GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that has the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue...

8.8 CVSS · 0.00434 EPSS
Exploits 0 · References 2

OSV
added 2024/10/09 5:15 p.m. · 4 views

CVE-2024-9471

A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with...

4.7 CVSS · 5.8 AI score · 0.00282 EPSS
Exploits 0 · References 1

CNVD
added 2024/01/23 12:0 a.m. · 5 views

Huawei HarmonyOS Security Bypass Vulnerability (CNVD-2024-11159)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security bypass vulnerability, which is caused by a vulnerability in API privilege validation in the DownloadProviderMain...

9.1 CVSS · 6.9 AI score · 0.00274 EPSS
Exploits 0 · References 1

OSV
added 2023/08/13 1:15 p.m. · 2 views

CVE-2023-39394

Vulnerability of API privilege escalation in the wifienhance module. Successful exploitation of this vulnerability may cause the arp list to be modified...

7.5 CVSS · 5.8 AI score
Exploits 0 · References 2

Cvelist
added 2023/08/13 12:26 p.m. · 17 views

CVE-2023-39394

Vulnerability of API privilege escalation in the wifienhance module. Successful exploitation of this vulnerability may cause the arp list to be modified...

7.8 AI score · 0.00293 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/08/13 12:0 a.m. · 3 views

PT-2023-26922 · Unknown · Wifienhance

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns a vulnerability of API privilege escalation in the wifienhance module. Successful exploitation of this vulnerability may cause the ar...

7.5 CVSS · 7.6 AI score · 0.00293 EPSS
Exploits 0 · References 7

GitLab Advisory Database
added 2022/05/11 12:0 a.m. · 19 views

Improper Privilege Management

API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover...

9 CVSS · 3 AI score · 0.01063 EPSS
Exploits 1 · References 4 · Affected Software 1

ATTACKERKB
added 2022/05/10 2:15 p.m. · 4 views

CVE-2022-1397

API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover...

9 CVSS · 7.6 AI score · 0.01063 EPSS
Exploits 1 · References 3

Cvelist
added 2020/08/17 7:13 p.m. · 21 views

CVE-2020-1528 Windows Radio Manager API Elevation of Privilege Vulnerability

...

7.8 CVSS · 8.6 AI score · 0.02442 EPSS
Exploits 0 · References 1

OwnCloud
added 2020/02/28 9:5 a.m. · 13 views

Access to all file-versions of a user as soon as he has one share with the attacker – ownCloud

An authenticated attacker can access all versions of all files, even unshared ones, as soon as the owner of said files has at least one outgoing share with the attacker. The attacker needs to guess a file-id, which is numeric and sequential. Affected: owncloud/core = v10.0.9, owncloud/core...

6.6 AI score
Exploits 0 · Affected Software 1

Tenable Nessus
added 2020/01/08 12:0 a.m. · 21 views

WordPress 3.9.x < 3.9.30 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - Two cross-site scripting (XSS) vulnerabilities exist due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these, by convincing ...

6.1 CVSS · 6.5 AI score · 0.02762 EPSS
Exploits 1 · References 4

Kitploit
added 2018/09/01 9:15 p.m. · 100 views

Getsploit v0.2.2 - Command Line Utility For Searching And Downloading Exploits

Command line search and download tool for Vulners Database inspired by searchsploit. It allows you to search online for the exploits across all the most popular collections: Exploit-DB, Metasploit, Packetstorm and others. The most powerful feature is immediate exploit source download right in...

7.7 AI score
Exploits 0 · References 2

Mozilla
added 2018/03/13 12:0 a.m. · 538 views

Security vulnerabilities fixed in Firefox 59 — Mozilla

A buffer overflow can occur when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially...

9.8 CVSS · 0.3 AI score · 0.08024 EPSS
Exploits 2 · References 19 · Affected Software 1

CVE
added 2017/03/17 10:0 p.m. · 45 views

CVE-2017-3815

Cisco TelePresence Server API Privilege Vulnerability (CVE-2017-3815) affects Cisco TelePresence Server MSE 8710 processors running software before Release 4.3 in locally managed mode. The issue is an API privilege flaw that could let an unauthenticated, remote attacker emulate TelePresence Serve...

5.3 CVSS · 5.2 AI score · 0.01016 EPSS
Exploits 0 · References 3 · Affected Software 1