44 matches found
CVE-2026-49374
In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters...
CVE-2026-49374
In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters...
CVE-2026-49374
CVE-2026-49374 affects JetBrains TeamCity before 2026.1, where improper permission checks exposed build configuration parameters. The CVSS 3.1 base score is 7.6 (HIGH) with Network attack vector, Low attack complexity, Privileges Required: LOW, and UI none. Impact: Confidentiality HIGH, Integrity...
Mattermost Plugins 安全漏洞
Mattermost Plugins is a plugin provided by the American company Mattermost, offering powerful feature extensions and tight integration with servers and network/desktop applications. Versions 11.5, 11.1.5, 10.13.11, and 11.3.4.0 of Mattermost Plugins contain security vulnerabilities. These...
Lenovo Software Fix 安全漏洞
Lenovo Software Fix is a system repair tool developed by the Chinese company Lenovo. Lenovo Software Fix has a security vulnerability, which stems from improper permission verification. This vulnerability may allow locally authenticated users to execute arbitrary code with elevated privileges...
Conecteo Kiamo 安全漏洞
Conecteo Kiamo is a multi-channel customer interaction and contact center management platform developed by the French company Conecteo. Versions of Conecteo Kiamo prior to version 8.4 contained security vulnerabilities. These vulnerabilities were due to improper permission verification, which cou...
PT-2026-30861
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, RecipeBookViewSet and RecipeBookEntryViewSet use CustomIsShared as an alternative permission class, but CustomIsShared.has object permission returns True for all HTTP methods —...
CVE-2026-33650 AVideo's Video Moderator Privilege Escalation via Ownership Transfer Enables Arbitrary Video Deletion
WWBN AVideo is an open source video platform. In versions up to and including 26.0, a user with the "Videos Moderator" permission can escalate privileges to perform full video management operations — including ownership transfer and deletion of any video — despite the permission being documented ...
CVE-2026-24732 Improper permission checks in Extension:NSFileRepo
Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Resource vulnerability in Hallo Welt! GmbH BlueSpice Extension:NSFileRepo modules allows Accessing Functionality Not Properly Constrained by ACLs, Bypassing Electronic Locks and Access Controls.This...
CVE-2026-24732
CVE-2026-24732 affects Hallo Welt! GmbH BlueSpice Extension:NSFileRepo, with vulnerable versions 5.1–5.1.5 and 5.2–5.2.0. The issue is improper permission checks in the extension, allowing access to functionality not properly constrained by ACLs and bypassing electronic locks and access controls....
GHSA-4QVV-G3VR-M348 Wagtail has improper permission handling on admin preview endpoints
Impact Due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a preview rendering of any page, snippet or site setting object for which previews are enabled, consisting of any data...
CVE-2025-12654
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory creation in all versions up to, and including, 0.9.120. This is due to the checkfilesystempermissions function not properly restricting the directories that can be created, or in...
EUVD-2018-15568
Malware in sbrugna...
EUVD-2014-8377
Malware in sbrugna...
EUVD-2023-38316
Malicious code in bioql PyPI...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from the American company Google. Google Android suffers from a security vulnerability that stems from a lack of permission checking, which could lead to local elevation of privileges...
CVE-2024-42453
A vulnerability Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration changes, potentially leading to Denial of...
Atlassian Confluence 3.7.x < 7.19.22 / 7.20.x < 8.5.9 / 8.6.x < 8.9.0 / 9.2.0 (CONFSERVER-98713)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98713 advisory. - In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client...
CVE-2024-42453
A vulnerability Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration changes, potentially leading to Denial of...
CVE-2024-42453
A vulnerability Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration changes, potentially leading to Denial of...