18 matches found

Vulnrichment
added 2026/05/21 8:28 p.m. · 1 view

CVE-2026-8350 Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulk_user_assignment.php which can lead to privilege escalation to Administrative Group

Concrete CMS 9.5.0 and below is vulnerable to missing authorization in bulk_user_assignment.php, which can lead to privilege escalation to the Administrative Group. Any authenticated user with access to the bulk user assignment dashboard page can add any user email to any group and can remove...

CVSS 7.5 · AI score 5.8 · EPSS 0.00031
Exploits 0 · References 1
EUVD
added 2026/03/18 6:31 p.m. · 3 views

EUVD-2025-208829

MuraCMS through 10.1.10 contains a CSRF vulnerability in the Add To Group functionality for user management (cUsers.cfc, addToGroup method) that allows attackers to escalate privileges by adding any user to any group without proper authorization checks. The vulnerable function lacks CSRF token...

AI score 5.9 · EPSS 0.00024
Exploits 0 · References 3
EUVD
added 2026/03/11 2:54 p.m. · 2 views

EUVD-2026-10937

Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks...

CVSS 7.2 · AI score 5.8 · EPSS 0.00057
Exploits 0 · References 2
CNNVD
added 2026/03/10 12:00 a.m. · 2 views

Umbraco Security Vulnerability

Umbraco is an open-source content management system (CMS) written in C# by the Danish company Umbraco. Umbraco versions from 15.3.1 through 16.5.1, as well as versions prior to 17.2.2, have security vulnerabilities. These vulnerabilities stem from insufficient authorization when modifying...

CVSS 7.2 · AI score 5.8 · EPSS 0.00057
Exploits 0 · References 1
Positive Technologies
added 2026/03/10 12:00 a.m. · 1 view

PT-2026-24487

Name of the Vulnerable Software and Affected Versions: Umbraco versions 15.3.1 through 16.5.0; Umbraco version 17.2.2. Description: Umbraco CMS contains a privilege escalation issue. Authenticated backoffice users with user management permissions may be able to gain elevated privileges due to...

CVSS 7.2 · AI score 5.7 · EPSS 0.00057
Exploits 0 · References 4
Positive Technologies
added 2026/03/03 12:00 a.m. · 2 views

PT-2026-22837

Name of the Vulnerable Software and Affected Versions: OpenSTAManager versions 2.9.8 and earlier. Description: OpenSTAManager is a management software for technical assistance and invoicing. A privilege escalation and authentication bypass exists in versions 2.9.8 and earlier, allowing an attacker t...

CVSS 9.8 · AI score 5.9 · EPSS 0.00046
Exploits 1 · References 6
EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2022-2743

Malicious code in bioql PyPI...

CVSS 5 · AI score 6.1 · EPSS 0.01522
Exploits 0 · References 16
CNNVD
added 2024/12/20 12:00 a.m. · 2 views

Vaultwarden Security Vulnerability

Vaultwarden is an alternative implementation of the Bitwarden server API, written in Rust by independent developer Daniel García. A security vulnerability exists in Vaultwarden versions prior to 1.32.6 that stems from insufficient permission checking in the Groups in Organizations feature, allowing a...

CVSS 7.6 · AI score 6.4 · EPSS 0.00089
Exploits 0 · References 2
Positive Technologies
added 2024/10/04 12:00 a.m. · 1 view

PT-2024-8121 · Rockwell Automation · Rockwell Automation Products +1

Name of the Vulnerable Software and Affected Versions: Rockwell Automation products, affected versions not specified; Verve Asset Manager versions prior to v1.38. Description: An improper authorization issue exists in the affected products, potentially allowing an unauthorized user to sign in and...

CVSS 9 · AI score 6.5 · EPSS 0.00139
Exploits 0 · References 10
Cvelist
added 2024/06/14 9:54 a.m. · 35 views

CVE-2024-5685 Broken Function Level Authorization (BFLA) in snipe/snipe-it

Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call. This issue affects snipe-it: from v4.6.17 through v6.4.1...

CVSS 7.6 · EPSS 0.00159
Exploits 0 · References 5
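The Concrete CMS entry above (any authenticated user can add any account to any group) and this Snipe-IT entry (users with an ordinary edit permission can change group membership) describe the same defect class: a group-assignment function that checks only that the caller is logged in. The following is an added example, not code from Concrete CMS, Snipe-IT or any advisory on this page; the user directory, the permission names ("users.edit", "groups.manage", "self.api") and the "may only grant a group you hold yourself" policy are all assumptions made for illustration.

```python
# Added example (not code from Concrete CMS, Snipe-IT or any advisory above):
# a minimal "add user to group" handler, first with the missing
# function-level authorization check and then with the check in place.
# Names, permissions and the sample directory are all constructed here.
from dataclasses import dataclass, field

ADMIN_GROUP = "Administrators"


class Forbidden(Exception):
    """Raised when the caller is not allowed to perform the operation."""


@dataclass
class User:
    name: str
    groups: set = field(default_factory=set)
    permissions: set = field(default_factory=set)


def make_directory():
    """Constructed sample directory: one admin, one editor, one viewer."""
    return {
        "alice": User("alice", {ADMIN_GROUP, "Editors"}, {"users.edit", "groups.manage"}),
        "bob": User("bob", {"Editors"}, {"users.edit", "self.api"}),
        "carol": User("carol", {"Viewers"}, set()),
    }


def add_to_group_vulnerable(directory, caller, target, group):
    """Only checks that the caller is authenticated. Any logged-in user
    can therefore put any account, including themselves, into any group."""
    if caller not in directory:
        raise Forbidden("not authenticated")
    directory[target].groups.add(group)
    return sorted(directory[target].groups)


def add_to_group_fixed(directory, caller, target, group):
    """Authentication, then a function-level check (a dedicated group
    management permission), then an object-level check so that a manager
    cannot hand out a group they do not hold themselves (assumed policy)."""
    if caller not in directory:
        raise Forbidden("not authenticated")
    actor = directory[caller]
    if "groups.manage" not in actor.permissions:
        raise Forbidden(f"{caller} lacks groups.manage")
    if group not in actor.groups:
        raise Forbidden(f"{caller} cannot grant a group they are not a member of")
    if target not in directory:
        raise KeyError(target)
    directory[target].groups.add(group)
    return sorted(directory[target].groups)


def demo():
    """Bob escalates himself through the vulnerable path; the fixed path refuses.
    Returns (bob's groups after the vulnerable call, whether the fixed call was
    refused, carol's groups after a legitimate manager adds her to Editors)."""
    vulnerable = make_directory()
    escalated = add_to_group_vulnerable(vulnerable, "bob", "bob", ADMIN_GROUP)

    fixed = make_directory()
    try:
        add_to_group_fixed(fixed, "bob", "bob", ADMIN_GROUP)
        refused = False
    except Forbidden:
        refused = True
    # A legitimate manager can still do their job.
    carol_groups = add_to_group_fixed(fixed, "alice", "carol", "Editors")
    return escalated, refused, carol_groups


if __name__ == "__main__":
    print(demo())
```

The point of the two-step check is that "can edit users" and "can change what a user is allowed to do" are different privileges; collapsing them into one permission, or into "is authenticated", is what turns a self-service profile edit into a path to the administrator group.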
Github Security Blog
added 2024/04/22 3:52 p.m. · 14 views

Authelia's Group Changes may not have the expected results (YAML file backend)

Impact: Under very specific conditions, changes to a user's groups may not have the expected results. The specific conditions are: the file authentication backend is being used; the watch option is set to true; the refresh_interval is configured to a non-disabled value; the user's groups are adjusted ...

AI score 7.3
Exploits 0 · References 3 · Affected Software 1
OSV
added 2024/04/22 3:52 p.m. · 11 views

GHSA-X883-2VMG-XWF7 Authelia's Group Changes may not have the expected results (YAML file backend)

Impact: Under very specific conditions, changes to a user's groups may not have the expected results. The specific conditions are: the file authentication backend is being used; the watch option is set to true; the refresh_interval is configured to a non-disabled value; the user's groups are adjusted ...

CVSS 1.6 · AI score 7.3
Exploits 0 · References 3
SUSE CVE
added 2023/06/02 2:29 a.m. · 2 views

SUSE CVE-2023-22648

An Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected for users while they are logged in to the Rancher UI. This causes the users to retain their previous permissions in Rancher even if they change groups in Azure AD, for example...

CVSS 8.8 · AI score 6.7 · EPSS 0.00188
Exploits 0 · References 4
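The Rancher entry above and the two Authelia entries describe the other failure mode in this result set: the group change is made correctly at the identity source, but the application keeps authorizing against a copy of the groups it took earlier, so the change has no effect on a user who is already logged in. The following is an added example, not Rancher's, Authelia's or Azure AD's code, contrasting a session that snapshots groups at login with one that re-reads them on a bounded TTL. The in-memory identity provider, the user and group names, the TTL and the injectable clock are all constructed for illustration.

```python
# Added example, not Rancher's, Authelia's or Azure AD's code: why a permission
# check must read group membership from the identity source (or a bounded
# cache) rather than from a snapshot taken at login. The identity provider is
# a constructed in-memory stand-in; names and the TTL are assumptions.
import time


class IdentityProvider:
    """In-memory stand-in for an external directory such as Azure AD."""

    def __init__(self, groups_by_user):
        self._groups = {u: set(g) for u, g in groups_by_user.items()}

    def groups_for(self, user):
        return set(self._groups.get(user, ()))

    def set_groups(self, user, groups):
        self._groups[user] = set(groups)


class SnapshotSession:
    """Stale pattern: groups are captured once at login and never re-read,
    so a group removal in the IdP has no effect until the user logs out."""

    def __init__(self, idp, user):
        self.user = user
        self.groups = idp.groups_for(user)

    def is_allowed(self, required_group):
        return required_group in self.groups


class RefreshingSession:
    """Re-resolves groups from the IdP whenever the cached copy is older than
    ttl_seconds, so a revocation takes effect within one TTL. The clock is
    injectable so the behaviour can be exercised deterministically."""

    def __init__(self, idp, user, ttl_seconds=60.0, clock=time.monotonic):
        self._idp = idp
        self._ttl = ttl_seconds
        self._clock = clock
        self.user = user
        self.groups = set()
        self._fetched_at = None
        self._refresh()

    def _refresh(self):
        self.groups = self._idp.groups_for(self.user)
        self._fetched_at = self._clock()

    def is_allowed(self, required_group):
        if self._clock() - self._fetched_at >= self._ttl:
            self._refresh()
        return required_group in self.groups


def demo():
    """Bob is removed from cluster-admins in the IdP after logging in.
    Returns (snapshot_still_allows, refreshing_allows_before_ttl,
    refreshing_allows_after_ttl)."""
    now = [1000.0]                      # fake monotonic clock, in seconds
    clock = lambda: now[0]
    idp = IdentityProvider({"bob": {"cluster-admins"}})
    snapshot = SnapshotSession(idp, "bob")
    refreshing = RefreshingSession(idp, "bob", ttl_seconds=60.0, clock=clock)

    idp.set_groups("bob", {"viewers"})  # an admin removes bob from the group

    before_ttl = refreshing.is_allowed("cluster-admins")  # cache still valid
    now[0] += 61.0
    after_ttl = refreshing.is_allowed("cluster-admins")   # cache expired, re-read
    return snapshot.is_allowed("cluster-admins"), before_ttl, after_ttl


if __name__ == "__main__":
    print(demo())
```

A TTL of zero makes every check hit the identity source, which is the safest setting and the most expensive; the value to pick is the longest window during which a revoked user may keep acting that the deployment can tolerate, and that window should be documented as part of the access model rather than left implicit in a session lifetime.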
SUSE CVE
added 2023/02/15 5:13 a.m. · 1 view

SUSE CVE-2015-7713

OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restrictions by leveraging an instance that was running when the change was made...

CVSS 5 · AI score 7 · EPSS 0.01522
Exploits 0 · References 5
Citrix
added 2020/12/10 12:00 a.m. · 4 views

After StoreFront upgrade server groups can no longer propagate changes.

Post upgrade of the StoreFront component, propagation fails with the below event on the initiating server: Event ID 31. An error has occurred during the all server configuration update process. Citrix.DeliveryServices.ConfigurationReplication.Exceptions.ServerUpdateConfigurationException,...

AI score 7.2
Exploits 0
n0where
added 2017/07/03 4:25 p.m. · 16 views

AWS Auditing & Hardening Tool: Zeus

Zeus is a powerful tool for AWS EC2 / S3 / CloudTrail / CloudWatch / KMS best hardening practices. It checks security settings according to the profiles the user creates and, at the user's request, changes them to the recommended settings based on the CIS AWS Benchmark. Identity and Access...

AI score 0.1
Exploits 0 · References 1
Joomla! Vulnerable Extensions List
added 2016/12/04 12:00 a.m. · 3 views

[20161204] - Misc. Security Hardening

Joomla! 3.6.5 includes additional security hardening mechanisms prepared by the JSST, thanks in part to issue reports from Fotis Evangelou and Nicholas Dionysopoulos, which restricts a user's ability to make potentially damaging configuration changes. This includes restricting the ability to set...

AI score 5.8
Exploits 0
Debian
added 2000/11/22 5:31 p.m. · 1 view

[SECURITY] New Debian xmcd packages released

Package: xmcd. Vulnerability: untrustworthy privileged binaries. Debian-specific: yes. Vulnerable: yes. The Debian GNU/Linux xmcd package has historically installed two setuid helpers for accessing CDDB databases and SCSI CD-ROM drives. More recently, the package offered the administrator the chance t...

AI score 5.9
Exploits 0