28 matches found
CVE-2026-42408 BIG-IP DNS tmsh vulnerability
When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed TMOS Shell (tmsh) command that may allow a highly privileged authenticated attacker to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2026-20136
CVE-2026-20136 affects Cisco Identity Services Engine (ISE) and ISE-PIC CLI. Root cause: insufficient input validation enabling crafted CLI input to trigger command injection and elevate privileges to root on the underlying OS. Impact: authenticated, local admin can gain root privileges. Exploita...
EUVD-2026-5238
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated high-privileged users (teachers or administrators) to inject malicious JavaScript into multiple user-controllabl...
CVE-2025-1547
A stack-based buffer overflow vulnerability (CWE-121) in WatchGuard Fireware OS's certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands. This issue affects Fireware OS: from 12.0 through 12.5.12+701324, from 12.6 through...
WordPress Tiger Premium theme <= 101.2.1 - Authenticated (Subscriber+) Privilege Escalation vulnerability
Authenticated (Subscriber+) Privilege Escalation vulnerability discovered by István Márton - Wordfence in WordPress Theme Tiger versions <= 101.2.1...
EUVD-2025-4641
Malicious code in bioql PyPI...
EUVD-2025-9708
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2. This is due to addrole and userrole functions missing proper capability checks performed through the...
CVE-2025-0151
Use after free in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access...
CVE-2024-12284
Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows...
CVE-2024-33253
Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows an authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function...
CVE-2023-46806
An SQL Injection vulnerability in a web component of EPMM versions before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database...
CVE-2023-47683 WordPress Social Login, Social Sharing by miniOrange plugin <= 7.6.6 - Authenticated Privilege Escalation vulnerability
Improper Privilege Management vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Privilege Escalation. This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.6...
PT-2023-23224 · Unknown · Ac-Pd-Wapum-P +5
Name of the Vulnerable Software and Affected Versions: AC-PD-WAPU versions 1.05 B04 and earlier; AC-PD-WAPUM versions 1.05 B04 and earlier; AC-PD-WAPU-P versions 1.05 B04P and earlier; AC-PD-WAPUM-P versions 1.05 B04P and earlier; AC-WAPU-300 versions 1.00 B07 and earlier; AC-WAPUM-300 versions 1.00 B...
Exploit for Exposure of Resource to Wrong Sphere in Phpgurukul_Blood_Donor_Management_System_Project Phpgurukul_Blood_Donor_Management_System
CVE-2022-38813 Vertical Privilege Escalation via user parame...
CVE-2022-1654 Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 - Authenticated Privilege Escalation
Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abbuninstalltemplate" (both) and "jupiterxcorecpuninstalltemplate" (JupiterX Core Only) AJAX actions...
Vulnerability fixed in IBM Spectrum Protect Plus
IBM has fixed a vulnerability in Spectrum Protect Plus. An authenticated malicious party can exploit this vulnerability to gain elevated privileges on the vulnerable system. IBM has released updates to fix the vulnerability in Spectrum Protect Plus 10.1.9. For more information, see:...
ProfilePress Plugin for WordPress 3.x < 3.1.4 Multiple Vulnerabilities
The WordPress ProfilePress Plugin installed on the remote host is affected by multiple vulnerabilities: - An unauthenticated privilege escalation exists when supplying wpcapabilties as an array parameter while registering. (CVE-2021-34621) - An authenticated privilege escalation exists within the...
WordPress ProfilePress plugin 3.0 – 3.1.3 - Authenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Chloe Chamberland (WordFence) in WordPress ProfilePress plugin versions 3.0 – 3.1.3. 06.29.2021 - WordFence updated the vulnerable version to 3.0 - 3.1.3. Solution: Update the WordPress ProfilePress plugin to the latest available versi...
WordPress Store Locator Plus plugin <= 5.5.14 - Authenticated Privilege Escalation vulnerability
Authenticated Privilege Escalation vulnerability discovered by WordFence in WordPress Store Locator Plus plugin versions <= 5.5.14. Solution: Update the WordPress Store Locator Plus plugin to the latest available version (at least 5.5.15)...