17 matches found
CVE-2022-31011
TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access...
EUVD-2024-26103
Malicious code in bioql PyPI...
EUVD-2023-40031
Malicious code in bioql PyPI...
EUVD-2025-11760
Malicious code in bioql PyPI...
EUVD-2024-46005
Malicious code in bioql PyPI...
EUVD-2022-25908
Malicious code in bioql PyPI...
EUVD-2024-41316
Malicious code in bioql PyPI...
CVE-2025-22477
Dell Storage Center - Dell Storage Manager, version 20.1.20, contains an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges...
CVE-2025-29774
CVE-2025-29774 concerns the xml-crypto Node.js library. The issue allows an attacker to modify a valid signed XML message such that signature verification still passes, enabling bypass of authentication/authorization in systems that rely on xml-crypto for verifying signed XML. Affected versions a...
CVE-2024-40587
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiVoice version 7.0.0 through 7.0.4 and before 6.4.9 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests...
CVE-2024-43176
CVE-2024-43176 affects IBM OpenPages 9.0. The issue arises from improper authorization checks on APIs, allowing an authenticated user to obtain sensitive information (configurations) that should be privileged. The IBM security bulletin confirms the affected version and provides remediation: apply...
CVE-2024-55550
Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access...
CVE-2024-36467 Authentication privilege escalation via user groups due to missing authorization checks
An authenticated user with API access (e.g. a user with the default User role; more specifically, a user with access to the user.update API endpoint) is able to add themselves to any group (e.g. Zabbix Administrators), except groups that are disabled or have restricted GUI access...
CMS Made Simple File Manager Remote Code Execution (CVE-2018-1000094)
A remote command execution vulnerability exists in the File Manager interface of CMS Made Simple 2.2.5. By uploading a malicious file, an authenticated attacker with administrator privileges can exploit this vulnerability for execution of arbitrary code...
CVE-2016-7254
Microsoft SQL Server 2012 SP2 and 2012 SP3 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability."...
CVE-2000-1159
NAI Sniffer Agent allows remote attackers to gain privileges on the agent by sniffing the initial UDP authentication packets and spoofing commands...