TeamCity < 2023.11.4 - Authentication Bypass
In JetBrains TeamCity before 2023.11.4, a path traversal allowing limited admin actions to be performed was possible.
id: CVE-2024-27199
info:
  name: TeamCity < 2023.11.4 - Authentication Bypass
  author: DhiyaneshDk
  severity: high
  description: |
    In JetBrains TeamCity before 2023.11.4 path traversal allowing t...
CVE-2026-9795
A flaw was found in Keycloak's Fine-Grained Admin Permissions FGAPv2 feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security...
CVE-2026-9795
The CVE-2026-9795 entries describe a flaw in Keycloak's Fine-Grained Admin Permissions (FGAPv2). An administrator with limited client-management permissions can assign any realm role to a client's scope mapping, bypassing intended controls and causing the injected role to appear in a user's authentication token an...
EUVD-2026-32710
A flaw was found in Keycloak's Fine-Grained Admin Permissions FGAPv2 feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security...
EUVD-2025-206603
A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited privileges to retrieve sensitive custom attributes via the /unmanagedAttributes endpoint, bypassing User Profile visibility settings...
EUVD-2017-7364
Malware in sbrugna...
EUVD-2024-46757
Malicious code in bioql PyPI...
CVE-2024-5558
CWE-367: A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin account...
CVE-2024-5558
CVE-2024-5558 is a TOCTOU race condition vulnerability in Schneider Electric SpaceLogic AS-P (and AS-B) at or before version 5.0.3, enabling privilege escalation via abuse of a restricted admin account. The Red Hat/NVD entries describe it as CWE-367; CNNVD specifies SpaceLogic AS-P v5.0.3 and earlier...
PT-2024-4202 · Schneider Electric · SpaceLogic AS-B
Name of the Vulnerable Software and Affected Versions: Schneider Electric SpaceLogic AS-P and SpaceLogic AS-B (affected versions not specified)
Description: A Time-of-check Time-of-use (TOCTOU) Race Condition issue exists, potentially allowing an attacker to escalate privileges by abusing a limited...
CVE-2024-27199
In JetBrains TeamCity before 2023.11.4, a path traversal allowing limited admin actions to be performed was possible.
Rapid7 Analysis Overview: CVE-2024-27199 is an authentication bypass vulnerability in the web component of TeamCity that arises from a path traversal issue (CWE-22) and has a CVSS base score ...
CVE-2024-27199
In JetBrains TeamCity before 2023.11.4, a path traversal allowing limited admin actions to be performed was possible...
Path traversal
In JetBrains TeamCity before 2023.11.4, a path traversal allowing limited admin actions to be performed was possible...
Unrestricted file upload
Perch Content Management System 3.0.3 allows unrestricted file upload with resultant XSS via the Asset Title field in conjunction with the Select File field. This is exploitable with a Limited Admin account...
CVE-2017-15948
Perch Content Management System 3.0.3 allows unrestricted file upload with resultant XSS via the Asset Title field in conjunction with the Select File field. This is exploitable with a Limited Admin account...
ZyXEL ZyWALL USG client side authorization config disclosure
Details
=======
Product: ZyXEL USG Unified Security Gateway appliances
- ZyWALL USG-20
- ZyWALL USG-20W
- ZyWALL USG-50
- ZyWALL USG-100
- ZyWALL USG-200
- ZyWALL USG-300
- ZyWALL USG-1000
- ZyWALL USG-1050
- ZyWALL USG-2000
- Possibly other ZLD-based products
Affected Versions: Firmware Releases before April 25, 20...