2459520 matches found
CVE-2026-57518
Pagekit CMS 1.0.18 contains a privilege escalation flaw in UserApiController::saveAction(). Authenticated users with the 'user: manage users' permission can assign arbitrary custom roles to themselves, including roles with 'system: manage packages' permission, enabling them to upload and install ...
EUVD-2026-39795
Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escalate privileges by assigning arbitrary custom roles to themselves due to missing authorization checks in UserApiController::saveAction. Attackers can...
CVE-2026-57518 Pagekit CMS 1.0.18 Privilege Escalation via UserApiController
Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escalate privileges by assigning arbitrary custom roles to themselves due to missing authorization checks in UserApiController::saveAction. Attackers can...
CVE-2023-20572
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity...
CVE-2023-20572
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity...
EUVD-2023-60598
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity...
CVE-2023-20572
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity...
CVE-2023-20572
CVE-2023-20572 describes a timing discrepancy in the ASP that could enable a local attacker to brute-force the hash message authentication code, risking data integrity. The connected AMD bulletin AMD-SB-4012 references potential vulnerabilities on AMD Client Processor platforms affecting ASP and ...
CVE-2026-0685
Server side template inject SSTI in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution RCE via crafted template expressions...
CVE-2026-0685 Server side template inject (SSTI) in Edgewall Genshi Template Engine
Server side template inject SSTI in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution RCE via crafted template expressions...
EUVD-2026-39792
Server side template inject SSTI in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution RCE via crafted template expressions...
CVE-2026-0685 Server side template inject (SSTI) in Edgewall Genshi Template Engine
Server side template inject SSTI in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution RCE via crafted template expressions...
CVE-2026-0685
CVE-2026-0685 affects the Genshi Template Engine (version 0.7.9). The SSTI vulnerability arises in the expression evaluation component due to unsafe use of Python’s eval() and exec() with fallback to Python built-ins, enabling arbitrary code execution if an attacker can influence template express...
CVE-2023-20540
CVE-2023-20540 describes a timing discrepancy in the AMD Secure Processor (ASP) that could enable a privileged attacker to brute-force the hash-based MAC, potentially compromising data integrity. Affected component: AMD Secure Processor / ASP in AMD client/server platforms using ASP. Root cause: ...
CVE-2023-20540
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity...
CVE-2023-20540
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity...
EUVD-2023-60597
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity...
CVE-2023-20540
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity...
Malicious code in @immobiliarelabs/backstage-plugin-gitlab-backend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 096fc86987f4a25a5fb6572968e0c7309d71ed3e6ab16c239427de98c7d30ae7 The package ships a binding.gyp at the package root whose contents use GYP command-expansion syntax !... inside its targets/sources fields. npm...
MAL-2026-6527 Malicious code in @immobiliarelabs/backstage-plugin-gitlab-backend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 096fc86987f4a25a5fb6572968e0c7309d71ed3e6ab16c239427de98c7d30ae7 The package ships a binding.gyp at the package root whose contents use GYP command-expansion syntax !... inside its targets/sources fields. npm...