PT-2026-48941
Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Mattermost fails to require role-management authorization when setting the scheme admin flag on group syncable link and patch endpoints, which allows a user with group-link permissions to escalate...
EUVD-2020-11490
Malware in sbrugna...
EUVD-2019-19312
Malware in sbrugna...
EUVD-2020-2592
Malware in sbrugna...
EUVD-2009-2843
Malware in sbrugna...
EUVD-2023-43962
Malicious code in bioql PyPI...
EUVD-2025-16622
Malicious code in bioql PyPI...
EUVD-2022-47047
Malicious code in bioql PyPI...
CVE-2025-55736
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, an arbitrary user can change their role to "admin", gaining the associated privileges, e.g. deleting users, posts, comments, etc. The problem is in the routes/adminPanelUsers file...
CVE-2025-3671 WPGYM - Wordpress Gym Management System <= 67.7.0 - Authenticated (Subscriber+) Local File Inclusion to Privilege Escalation via Password Update
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 67.7.0 via the 'page' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrar...
CVE-2024-32371
An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a regular user account to escalate their privileges and gain administrative access by changing the type parameter from 1 to 0...
CVE-2021-40385
An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is a privilege escalation from read-only user to admin...
CVE-2025-2563
The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users from setting their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges...
CVE-2024-4028 Keycloak-core: stored XSS in Keycloak when creating items in admin console
A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack...
PT-2025-6261 · Fortinet · Fortios
Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9, and prior to 7.0.15 FortiOS versions 6.4.x Description: The issue is related to an incorrect privilege assignment in FortiOS, allowing an authenticated admin with the Security...
CVE-2025-24648
CVE-2025-24648 affects WordPress Admin and Site Enhancements (ASE) plugin versions n/a through 7.6.2.1. The issue is an Incorrect Privilege Assignment that allows Privilege Escalation, with CVSS v3.1 base score 7.5 (HIGH) and network attack vector, high complexity, low privileges required, no u...
PYSEC-2024-200
JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the admin:users scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively small in that...
SQL Injection
ezsystems/ezpublish-kernel is vulnerable to Privilege Escalation. The vulnerability exists due to improper privilege management in the admin role, which allows attackers to bypass the admin policy and assign any role to any user...
CVE-2022-3911 iubenda < 3.3.3 - Subscriber+ Privileges Escalation to Admin
The iubenda WordPress plugin before 3.3.3 does not have authorisation and CSRF checks in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated user, such as a subscriber, can grant themselves any privileges,...
Privilege Escalation
ezsystems/ezplatform-admin-ui is vulnerable to privilege escalation. The vulnerability exists because the library does not properly handle the Company admin role, allowing an admin user to assign any role to any user...