17 matches found
EUVD-2021-17081
Malware in sbrugna...
EUVD-2020-23739
Malware in sbrugna...
EUVD-2024-54082
Malicious code in bioql PyPI...
EUVD-2023-0333
Malicious code in bioql PyPI...
EUVD-2023-44232
Malicious code in bioql PyPI...
CVE-2025-20323
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the scheduled search Bucket Copy Trigger within the Splunk Archiver application. This is because of missing access controls in the saved...
CVE-2025-52969
ClickHouse 25.7.1.557 allows low-privileged users to execute shell commands by querying existing Executable tables created by higher-privileged users. Although the CREATE TABLE privilege is restricted, there is no access control preventing low-privileged users from invoking Executable tables...
CVE-2025-52969
CVE-2025-52969 is described in connected Red Hat and other sources as affecting ClickHouse 25.7.1.557, where low-privileged users can execute shell commands by querying existing Executable() tables created by higher-privileged users. The vulnerability stems from missing access control that preven...
CVE-2024-3505
JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerable to sensitive information disclosure whereby a low-privileged authenticated user can read the proxy configuration. This does not affect JFrog cloud deployments...
CVE-2024-42371
The RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces and nodes. There is low impact on integrity and availability of the...
CVE-2023-28870
Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts...
CVE-2023-42231
Pat Infinite Solutions HelpdeskAdvanced = 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can delete admin users by sending a request to the "WSCView/Delete" function...
CVE-2022-32256
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information...
Splunk Enterprise 9.1.0 < 9.1.8, 9.2.0 < 9.2.5, 9.3.0 < 9.3.3 (SVD-2025-0301)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-0301 advisory. - In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104,...
PT-2025-7052 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.18 Description: A low-privileged user can enable debug mode and access sensitive information. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents...
CVE-2020-9046
A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files...
Design/Logic Flaw
SECUDOS Qiata DOMOS OS 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploit this, an attacker needs access as a low-privileged user to the underlying DOMOS system. Every user on the system has write permission for previewRm.sh, which is executed by the root user...