16 matches found
CVE-2026-33177
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, low-privileged Control Panel users could create taxonomy terms by submitting requests to the field action processing endpoint with attacker-controlled field definitions. This bypasses the...
Sensitive Data Exposure
Apache Superset is vulnerable to Sensitive Data Exposure. The vulnerability is due to improper serialization of sensitive fields in the API response, where authenticated users with low privileges can retrieve sensitive user information, including password hashes, email addresses, and login...
PT-2026-1327
Name of the Vulnerable Software and Affected Versions: Coolify versions prior to and including 4.0.0-beta.434. Description: Coolify is a self-hostable tool for managing servers, applications, and databases. In affected versions, users with limited privileges can view the private key belonging to the...
Arista DANZ Monitoring Fabric Security Vulnerability
Arista DANZ Monitoring Fabric is a traffic monitoring, security, and performance analytics platform from Arista USA. A security vulnerability exists in Arista DANZ Monitoring Fabric that originates from a restricted user being able to view sensitive portions of the configuration database via the...
PT-2025-40984
Name of the Vulnerable Software and Affected Versions: versions prior to 2025-3719. Description: An access control issue exists in the Command Line Interface (CLI) functionality. A specific access restriction is not properly enforced for users with limited privileges. This allows an authenticated user...
CVE-2025-46718
Summary: CVE-2025-46718 affects the Rust implementation of sudo-rs prior to 0.2.6. A limited sudo privilege (e.g., allowing a single command) can be exploited to enumerate the sudoers file using the -U flag, exposing sensitive information about other users’ permissions. This is a local attack wit...
CVE-2025-46718 sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others
sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the -U flag. This vulnerability allows users with limited sudo privileges to enumerat...
CVE-2024-28029
Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality...
CVE-2023-6140
The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code execution...
CVE-2022-45383
An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fabd860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission...
Search API attachments - Critical - Arbitrary PHP code execution - SA-CONTRIB-2021-034
This module enables you to extract the textual content of files for use on a website, e.g. to display it or use it in search indexes. The module doesn't sufficiently protect the administrator-defined commands that are executed on the server, which leads to post-authentication remote code executio...
WebEx Local Service Permissions Code Execution Exploit
This Metasploit module exploits a flaw in the 'webexservice' Windows service, which runs as SYSTEM, can be used to run arbitrary commands locally, and can be started by limited users in default installations. This module requires Metasploit: https://metasploit.com/download Current source:...
WebEx - Local Service Permissions Exploit (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebEx Local Service Permissions Exploit', 'Description' = %q This module exploits a flaw in the 'webexservice' Windows service, which runs as...
WebEx Local Service Permissions Exploit
This module exploits a flaw in the 'webexservice' Windows service, which runs as SYSTEM, can be used to run arbitrary commands locally, and can be started by limited users in default installations. This module requires Metasploit: https://metasploit.com/download Current source:...
CVE-2006-0151
sudo 1.6.8 and other versions do not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158...
Problem with login in HP (shell access)
Users with a restricted shell can execute commands...