16 matches found
EUVD-2026-32602
Budibase is an open-source low-code platform. Prior to 3.38.1, the POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configured the default for self-hosted Budibase instances,...
CVE-2025-0504
Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have be inaccessible...
EUVD-2025-198515
Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have be inaccessible...
CVE-2025-0504
Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have be inaccessible...
CVE-2025-0504 Black Duck SCA Project Privilege Escalation
Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have be inaccessible...
PT-2025-47803
Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have be inaccessible...
CVE-2021-36127
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts which are supposed to be completely...
SUSE CVE-2025-0504
Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have be inaccessible...
CVE-2023-47090
NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account. The earliest affected version is...
CVE-2023-4822
Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor...
Grafana org admins can modify permissions across all orgs
Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor...
MediaWiki CentralAuth Information Disclosure Vulnerability
MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. The product can be used to deploy in-house knowledge management and content management systems. centralAuth is one of the extensions that supports shared global...
Coppermine Photo Gallery 'lang' Cookie参数本地文件包含漏洞
Bugraq ID: 30480 CNCAN ID:CNCAN-2009052002 Coppermine Photo Gallery是一款基于WEB的图库程序。 Coppermine Photo Gallery不正确过滤用户提交的输入,远程攻击者可以利用漏洞以WEB权限查看系统文件内容。 在用于包含文件钱传递给"GLOBALSUSERlang"的参数不正确过滤,可导致提交特殊请求以WEB权限查看系统文件内容。 Coppermine Photo Gallery 1.4.22 Coppermine Photo Gallery 1.4.21 Coppermine Photo Gallery...
Serv-U7 provide the right experience Essentials-vulnerability warning-the black bar safety net
Since the author is lazy, does not provide log cleanup feature, it will leave a log: One, the su7 is the right there are several? There are two forms to get rid of su7 in. 1, login to the Administrator Console page ==get the OrganizationId for Add User ==get the global user of the“next new user I...
serv-u7 local exploit (php)-bug warning-the black bar safety net
by emptiness prodigal heart http://www.inbreak.net Note: since the author is lazy, does not provide log cleanup feature, it will leave a log: A, The su7 is the right there are several way? There are two forms to get rid of su7 in. 1, login to the Administrator Console page ==get the OrganizationI...
PHP Classifieds 6.20 - Multiple Cross-Site Scripting Authentication Bypass Vulnerabilities
PHP Classifieds 6.20 - Multiple Cross-Site Scripting Authentication Bypass Vulnerabilities source: https://www.securityfocus.com/bid/28521/info PHP Classifieds is prone to multiple cross-site scripting vulnerabilities and an authentication-bypass vulnerability. An attacker may leverage these issu...