6 matches found
CVE-2025-55736 flaskBlog allows arbitrary privilege escalation
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, an arbitrary user can change their own role to "admin", gaining the associated privileges, e.g. deleting users, posts, comments, etc. The problem is in the routes/adminPanelUsers file...
Privilege escalation
The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role...
User Role by BestWebSoft < 1.6.7 - Privilege Escalation via CSRF
The plugin does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role. PoC: Make a logged-in admin open a page with the code below. Then log in as a subscriber and see that you have full admin access...
CVE-2022-42046
A specially crafted IOCTL to wfshbr64.sys and wfshbr32.sys allows an arbitrary user to perform local privilege escalation...
Riverbed SteelCentral NetProfiler / NetExpress 10.8.7 XSS / Code Execution
Riverbed SteelCentral NetProfiler & NetExpress Multiple Vulnerabilities. Affected versions: SteelCentral NetProfiler = 10.8.7 & SteelCentral NetExpress...
Rianxosencabos CMS 0.9 - Arbitrary Add Admin
Rianxosencabos CMS 0.9 Arbitrary Add-Admin Vulnerability. CWH Underground Hacking Team...