Lucene search
K

197948 matches found

Ivanti
Ivanti
added 2026/10/03 9:26 a.m.36 views

Security Advisory Ivanti DSM (CVE-2026-3483)

Security Advisory Ivanti DSM CVE-2026-3483 Summary Ivanti has released an update for Ivanti Desktop and Server Management DSM which addresses one high severity vulnerability. Successful exploitation could allow an attacker to elevate their local privileges. We are not aware of any customers being...

7.8CVSS5.8AI score0.00397EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added yesterday9 views

The vulnerability of the Kerberos protocol for Windows operating systems allows attackers to increase their privileges.

The vulnerability of the Kerberos protocol for Windows operating systems is related to errors in the mechanism for handling relative pathnames to the directory. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

9CVSS6.1AI score0.02593EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added yesterday9 views

The vulnerability of the MmMapIoSpace() function in the ThrottleBlood.sys driver allows a hacker to escalate their privileges, execute arbitrary code, or cause a service failure.

The vulnerability of the MmMapIoSpace function in the ThrottleBlood.sys driver, as part of the ThrottleStop utility, is related to open IOCTLs with insufficient access control. Exploiting this vulnerability could allow an attacker to enhance their privileges, execute arbitrary code, or cause...

7.5CVSS6AI score0.08963EPSS
Exploits8References3Affected Software1
EUVD
EUVD
added yesterday5 views

EUVD-2026-41767

Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Privilege Escalation. This issue affects Pardus Update: from =0.6.3 before 0.6.6...

7.8CVSS5.9AI score
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-6509

The CVE is for Pardus Update (Pardus OS) with a Missing Authorization vulnerability that allows Privilege Escalation in versions

7.8CVSS5.9AI score
Exploits0References1
CVE
CVE
added yesterday12 views

CVE-2026-14719

CVE-2026-14719 describes a privilege-management flaw in SourceCodester Onlne Examination & Learning Management System 1.0. The vulnerable component is the register.php file of the Registration Endpoint. An attacker can manipulate the role parameter to achieve improper privilege management, and th...

7.5CVSS6.7AI score0.00288EPSS
Exploits0References6
EUVD
EUVD
added yesterday6 views

EUVD-2026-41733

A flaw has been found in SourceCodester Onlne Examination & Learning Management System 1.0. The impacted element is an unknown function of the file register.php of the component Registration Endpoint. Executing a manipulation of the argument role can lead to improper privilege management. The...

7.5CVSS6.7AI score0.00288EPSS
Exploits0References6
Nuclei
Nuclei
added yesterday119 views

KONGA 0.14.9 - Privilege Escalation

KONGA 0.14.9 allows attackers to set higher privilege users to full administration access. The attack vector is a crafted condition, as demonstrated by the /api/user/ID at ADMIN parameter. id: CVE-2021-42192 info: name: KONGA 0.14.9 - Privilege Escalation author: rschio severity: high description...

9CVSS7.2AI score0.09919EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday24 views

Acmailer - Improper Access Control to OS Command Injection

Improper access control vulnerability in acmailer ver. 4.0.1 and earlier, and acmailer DB ver. 1.1.3 and earlier allows remote attackers to execute an arbitrary OS command, or gain an administrative privilege which may result in obtaining the sensitive information on the server via unspecified...

10CVSS7.4AI score0.07871EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday14 views

Kramer VIAware - Privilege Escalation and Remote Code Execution

Kramer VIAware, all tested versions, allow privilege escalation and remote code execution due to misconfigured sudo permissions. Attackers can execute arbitrary system commands remotely if the web interface is accessible, due to vulnerabilities in the handling of privileged operations through...

10CVSS8.1AI score0.70753EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday17 views

WordPress ProfilePress <= 3.1.3 - Privilege Escalation

ProfilePress plugin before 3.1.4 allows privilege escalation. Due to insufficient validation in the profile update functionality, authenticated users can supply arbitrary usermeta fields, including wpcapabilities, during profile updates. This enables a user to escalate their privileges to...

9.8CVSS7.3AI score0.0412EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday25 views

Control Web Panel (CWP) - File Inclusion

In CWP Control Web Panel, previously CentOS Web Panel before version 0.9.8.1107, an unauthenticated attacker can abuse null byte %00 injection with the "scripts" parameter in the /user/loader.php or /user/login.php endpoints to register arbitrary API keys or access sensitive files. This can be...

9.8CVSS7.7AI score0.70947EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday7 views

CHAOS 5.0.1 'sendCommandHandler' - Cross-Site Scripting

Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component. id: CVE-2024-31839 info: name: CHAOS 5.0.1 'sendCommandHandler' - Cross-Site Scripting author: riteshs4hu severity:...

4.8CVSS6.9AI score0.08104EPSS
Exploits6References2
Nuclei
Nuclei
added yesterday19 views

Masteriyo LMS <= 1.7.2 - Unauthenticated Privilege Escalation

The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the updateloggedinuser function in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated attackers t...

9.8CVSS7.2AI score0.02112EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday19 views

Contact Form Plugin by Fluent Forms < 5.1.17 - Unauthenticated Limited Privilege Escalation

The plugin is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint. This makes it possible for unauthenticated attackers to grant users with Fluent Form management permissions which gives them access to all of the plugin's...

9.8CVSS6AI score0.02333EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday28 views

WordPress LiteSpeed Cache - Unauthenticated Privilege Escalation to Admin

Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1. id: CVE-2024-28000 info: name: WordPress LiteSpeed Cache - Unauthenticated Privilege Escalation to Admin...

9.8CVSS7.4AI score0.68266EPSS
Exploits8References5
Nuclei
Nuclei
added yesterday34 views

WordPress InstaWP Connect <= 0.1.0.38 - Unauthenticated User Creation

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site ...

9.8CVSS5.9AI score0.04156EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday11 views

MStore API <= 4.10.7 - Unauthorized Account Access and Privilege Escalation

The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's...

9.8CVSS7.2AI score0.02888EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday20 views

KodeExplorer 4.51 - Reflective Cross Site Scripting (XSS)

Reflective Cross Site Scripting XSS vulnerability in KodExplorer version 4.51, allows attackers to obtain sensitive information and escalate privileges via the APPHOST parameter at config/i18n/en/main.php. id: CVE-2023-49489 info: name: KodeExplorer 4.51 - Reflective Cross Site Scripting XSS...

6.1CVSS6.4AI score0.00726EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday12 views

Ultimate Member < 2.1.12 - Unauthenticated Privilege Escalation via User Meta

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wpcapabilities user meta that defines a user's role. During the registration...

10CVSS7.2AI score0.08975EPSS
Exploits2References3
Rows per page
Query Builder