32 matches found
CVE-2026-9590
Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify asset information without the required permission...
CVE-2026-9590
Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify asset information without the required permission...
CVE-2026-9590
Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify asset information without the required permission...
EUVD-2026-33935
Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify asset information without the required permission...
CVE-2026-45628
Dokploy (PaaS) vulnerability CVE-2026-45628 affects version 0.29.2 and earlier. The root cause is unescaped interpolation of user-supplied branch names, repo URLs, and Docker credentials into shell commands constructed with JavaScript template literals and executed via child_process.exec (shell /...
PT-2026-44932
Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via child process.exec which runs through /bin/sh -c. User-supplied branch names, repository URLs, and Docker credentials are...
CVE-2025-15479
Stored cross-site scripting XSS, CWE-79 in the survey content and administration functionality in Data Illusion Zumbrunn NGSurvey Enterprise Edition 3.6.4 on all supported platforms on Windows and Linux servers allows authenticated remote users with survey creation or edit privileges to execute...
EUVD-2010-2016
Malware in sbrugna...
EUVD-2002-1906
Malware in sbrugna...
EUVD-2023-0016
Malicious code in bioql PyPI...
CVE-2025-22213 [20250301] - Core - Malicious file uploads via Media Manager
Inadequate checks in the Media Manager allowed users with "edit" privileges to change file extension to arbitrary extension, including .php and other potentially executable extensions...
CVE-2025-22213
CVE-2025-22213 affects Joomla! media management. Inadequate checks in Media Manager let users with edit privileges change a file’s extension to arbitrary ones (including .php), enabling potential remote code execution. Affected versions include Joomla! 4.x prior to 4.4.12 and 5.x prior to 5.2.5. ...
BIT-AIRFLOW-2023-37379 Apache Airflow: Exposure of sensitive connection information, DOS and SSRF on "test connection" feature
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests,...
SilverStripe Admin Security Vulnerability
SilverStripe is New Zealand SilverStripe company's set of open source programming framework and content management system CMS. The system has support for multiple languages , cross-platform and other features . A security vulnerability exists in Silverstripe Admin version 1.x prior to 1.13.19 and...
Apache Airflow denial of service vulnerability
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests,...
GHSA-X2MH-8FMC-RQGH Apache Airflow denial of service vulnerability
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests,...
CVE-2023-37379
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests,...
Improper access control
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests,...
PYSEC-2023-152
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests,...
Privilege Escalation
silverstripe/subsites is vulnerable to privilege escalation. The vulnerability exists in FileSubsites.php due to the lack of validation in file edit privileges, which allows an attacker to modify sensitive files inside the system...