13 matches found
CVE-2026-20182
May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show...
Azure Linux 3.0 Security Update: polkit (CVE-2025-7519)
The version of polkit installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-7519 advisory. - A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an...
CBL Mariner 2.0 Security Update: polkit (CVE-2025-7519)
The version of polkit installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-7519 advisory. - A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an...
CVE-2025-7519 Polkit: xml policy file with a large number of nested elements may lead to out-of-bounds write
A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account i...
PT-2025-29465
Name of the Vulnerable Software and Affected Versions: polkit, affected versions not specified. Description: A flaw exists in polkit where processing an XML policy with 32 or more nested elements in depth can trigger an out-of-bounds write. This can lead to a crash or unexpected behavior, with the...
CVE-2024-55954
OpenObserve CVE-2024-55954 affects the DELETE /api/{org_id}/users/{email_id} endpoint, where insufficient role checks in remove_user_from_org allow an Admin to remove a Root user. The root cause is improper authorization within the user management endpoint, enabling a non-root to delete a highest...
PT-2024-8001 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions 9.1.0 through 10.0.16. Description: The issue is related to incorrect access control in the GLPI system, which can allow a remote attacker to exploit the vulnerability and potentially disclose confidential information. A technici...
CVE-2021-21918
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘namefilter’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery...
CVE-2021-21919
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘ord’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack...
Business Directory Plugin < 5.11.1 - Arbitrary Add/Edit/Delete Form Field to Stored XSS
The plugin suffered from Cross-Site Request Forgery issues, allowing an attacker to make a logged-in administrator add, edit or delete form fields, which could also lead to Stored Cross-Site Scripting issues. Note WPScanTeam: The CSRF has been fixed and proper capability checks have also been adde...
CVE-2020-28999
An issue was discovered in Apexis Streaming Video Web Application on Geeni GNC-CW013 doorbell 1.8.1 devices. A remote attacker can take full control of the camera with a high-privileged account. The vulnerability exists because a static username and password are compiled into a shared library...
CVE-2020-9279
CVE-2020-9279 affects D-Link DSL-2640B B2 EU_4.01B devices. A hard-coded management-interface account allows login with high privileges, enabling the attacker to perform critical tasks and take full control of the device. The issue is exploitable remotely over the management interface (network ac...
The multi-mode Server-bug warning-the black bar safety net
Find the configuration file, read the web site directory under the config.asp config.php conn.asp inc directory find a high-privilege account and password For example: the root password SA password. // CH the following variables, according to the space provided of the account parameters to...