22 matches found
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the admin/login process. An attacker can gain unauthorized access to administrative backend functionality by leveraging insufficient role-based access control checks during authentication. This is only...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the IdentityProvider service. An attacker can gain unauthorized access to modify or delete registered identity providers by leveraging low-level privileges, potentially resulting in account takeover or service...
EUVD-2018-2329
Malware in sbrugna...
EUVD-2023-31481
Malicious code in bioql PyPI...
CVE-2025-55373
Incorrect access control in Beakon Application before v5.4.3 allows authenticated attackers with low-level privileges to escalate privileges and execute commands with Administrator rights...
CVE-2023-27745
An issue in South River Technologies TitanFTP Before v2.0.1.2102 allows attackers with low-level privileges to perform Administrative actions by sending requests to the user server...
CVE-2024-56902
Information disclosure vulnerability in Geovision GV-ASManager web application with the version v6.1.0.0 or less, which discloses account information, including cleartext password...
CVE-2024-56898
Broken access control vulnerability in Geovision GV-ASWeb with version v6.1.0.0 or less. This vulnerability allows low privilege users perform actions that they aren't authorized to, which can be leveraged to escalate privileges, create, modify or delete accounts...
CVE-2024-56902
Geovision GV-ASManager GV-ASWeb (versions 6.1.0.0 and earlier) have an information-disclosure flaw that can expose account information, including cleartext passwords. CVSS v3.1 base score 7.5 (HIGH): network exploit, no user interaction, no privileges required, with confidentiality impact. Public...
CVE-2024-41332
Incorrect access control in the deletecategory function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete categories...
CVE-2024-41332
Incorrect access control in the deletecategory function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete categories...
CVE-2024-41332
Incorrect access control in the deletecategory function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete categories...
CVE-2024-41332
CVE-2024-41332 affects Sourcecodester Computer Laboratory Management System v1.0. The issue is an incorrect access control in the delete_category function that lets authenticated users with low privileges arbitrarily delete categories. Public references indicate a privilege-escalation path via a ...
CVE-2023-27745
An issue in South River Technologies TitanFTP Before v2.0.1.2102 allows attackers with low-level privileges to perform Administrative actions by sending requests to the user server...
CVE-2023-27745
An issue in South River Technologies TitanFTP Before v2.0.1.2102 allows attackers with low-level privileges to perform Administrative actions by sending requests to the user server...
PT-2022-25878 · 74Cmsse · 74Cmsse
Name of the Vulnerable Software and Affected Versions: 74cmsSE version 3.12.0 Description: The issue allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account. Recommendations: For 74cmsSE version 3.12.0, at the...
CVE-2022-41471
74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account...
Input validation
The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution...
CVE-2022-27883
A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation. Please note that an attacker must at least have low-level privileges on the system to attempt to exploit this...
CVE-2018-10258
A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution...