Password Exposure in Brocade Fabric OS before 9.2.1 (CVE-2025-58379)

Brocade Fabric OS before 9.2.1 has a vulnerability that could allow a local authenticated attacker to reveal command line passwords using commands that may expose higher privilege sensitive information by a lower privileged user...

CVE-2026-21483 listmonk Vulnerable to Stored XSS Leading to Admin Account Takeover

listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to version 6.0.0, lower-privileged user with campaign management permissions can inject malicious JavaScript into campaigns or templates. When a higher-privileged user Super Admin views or previews this content, the...

Linux Distros Unpatched Vulnerability : CVE-2025-62395

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing...

EUVD-2019-7299

Malware in sbrugna...

EUVD-2024-3416

Malicious code in bioql PyPI...

CVE-2025-0324

The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges...

BIT-SUPERSET-2024-53949 Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled

Improper Authorization vulnerability in Apache Superset when FABADDSECURITYAPI is enabled disabled by default. Allows for lower privilege users to use this API. issue affects Apache Superset: from 2.0.0 before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue...

Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled

Improper Authorization vulnerability in Apache Superset when FABADDSECURITYAPI is enabled disabled by default. Allows for lower privilege users to use this API. issue affects Apache Superset: from 2.0.0 before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue...

GHSA-35FC-9HRJ-3585 Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled

Improper Authorization vulnerability in Apache Superset when FABADDSECURITYAPI is enabled disabled by default. Allows for lower privilege users to use this API. issue affects Apache Superset: from 2.0.0 before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue...

CVE-2024-53949

Improper Authorization vulnerability in Apache Superset when FABADDSECURITYAPI is enabled disabled by default. Allows for lower privilege users to use this API. issue affects Apache Superset: from 2.0.0 before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue...

postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID

A flaw was found in PostgreSQL. This vulnerability allows a less-privileged application user to view or change unintended rows using SET ROLE, SET SESSION AUTHORIZATION, or equivalent features resulting in loss of confidentiality integrity and availability...

CVE-2024-0832

In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package...

Privilege Context Switching Error

github.com/kubernetes-incubator/cri-o is susceptible to privilege context switching error. The vulnerability exists in handling ambient capabilities. During container execution, containers running with elevated privileges may allow a user with lower privilege to perform abilities they should not...