Vaultwarden has Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager
Summary: A Manager account (accessall=false) was able to escalate privileges by directly invoking the bulk-access API against collections that were not originally assigned to it. The API allowed changing assigned=false to assigned=true, resulting in unauthorized access. Additionally, prior to the...
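The defect the Vaultwarden entry describes is a bulk endpoint that checks the caller's role but never ties the collections named in the request to the collections the caller is actually allowed to manage. The following is an added example, not Vaultwarden's code: the `Membership`, `AccessChange`, `manager` and `apply_bulk_*` names and the `access_all`/`is_manager` fields are hypothetical, chosen to mirror the summary. It shows the vulnerable shape beside a hardened one that validates the whole batch against the caller's own assignments before writing anything.

```rust
use std::collections::HashSet;

/// Hypothetical membership record (not Vaultwarden's own type).
#[derive(Debug, Clone, PartialEq)]
pub struct Membership {
    pub user_id: u32,
    pub is_manager: bool,
    /// access_all=true grants every collection; the report concerns access_all=false.
    pub access_all: bool,
    /// Collections this member is currently assigned to.
    pub assigned_collections: HashSet<u32>,
}

/// One item of a bulk access update: set or clear assignment on a collection.
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct AccessChange {
    pub collection_id: u32,
    pub assigned: bool,
}

#[derive(Debug, Clone, PartialEq)]
pub enum AuthzError {
    NotManager,
    /// The caller asked to touch a collection outside their own management scope.
    OutOfScope(u32),
}

/// Build a manager with access_all=false and the given assigned collections.
pub fn manager(user_id: u32, assigned: &[u32]) -> Membership {
    Membership {
        user_id,
        is_manager: true,
        access_all: false,
        assigned_collections: assigned.iter().copied().collect(),
    }
}

fn write_changes(target: &mut Membership, changes: &[AccessChange]) {
    for c in changes {
        if c.assigned {
            target.assigned_collections.insert(c.collection_id);
        } else {
            target.assigned_collections.remove(&c.collection_id);
        }
    }
}

/// Vulnerable shape: only the caller's role is checked. Nothing ties the
/// collections named in the request to the collections the caller may manage,
/// so a manager can flip assigned=false -> assigned=true on any collection,
/// including on their own membership (target == caller).
pub fn apply_bulk_vulnerable(caller: &Membership, target: &mut Membership, changes: &[AccessChange]) -> Result<(), AuthzError> {
    if !caller.is_manager {
        return Err(AuthzError::NotManager);
    }
    write_changes(target, changes);
    Ok(())
}

/// Hardened shape: a manager without access_all may only touch collections
/// already assigned to them, and the whole batch is validated before any
/// write so a partially applied request cannot leak through.
pub fn apply_bulk_hardened(caller: &Membership, target: &mut Membership, changes: &[AccessChange]) -> Result<(), AuthzError> {
    if !caller.is_manager {
        return Err(AuthzError::NotManager);
    }
    if !caller.access_all {
        if let Some(bad) = changes.iter().find(|c| !caller.assigned_collections.contains(&c.collection_id)) {
            return Err(AuthzError::OutOfScope(bad.collection_id));
        }
    }
    write_changes(target, changes);
    Ok(())
}

fn main() {
    // Constructed scenario: Mallory manages only collection 1 and asks the bulk
    // endpoint to assign collection 99 to herself.
    let mut mallory = manager(7, &[1]);
    let caller = mallory.clone();
    let changes = [AccessChange { collection_id: 99, assigned: true }];

    let v = apply_bulk_vulnerable(&caller, &mut mallory, &changes);
    println!("vulnerable: {:?}, now assigned to 99: {}", v, mallory.assigned_collections.contains(&99));

    let mut mallory = manager(7, &[1]);
    let caller = mallory.clone();
    let h = apply_bulk_hardened(&caller, &mut mallory, &changes);
    println!("hardened: {:?}, now assigned to 99: {}", h, mallory.assigned_collections.contains(&99));
}
```

The hardened version rejects the entire request on the first out-of-scope collection rather than applying the in-scope items and skipping the rest; a per-item skip would still let an attacker probe which collection IDs exist from the partial result.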
EUVD-2006-5285
Malware in sbrugna...
EUVD-2025-30805
Malicious code in bioql PyPI...
CVE-2025-57433
The 2wcom IP-4c 2.15.5 device's web interface contains an information disclosure vulnerability. By sending a crafted POST request to the endpoint /cwi/ajaxrequest/getdata.php, an authenticated attacker, even with a low-privileged account such as guest, can retrieve the hashed passwords for the...
PT-2025-38729
Name of the Vulnerable Software and Affected Versions: 2wcom IP-4c version 2.15.5. Description: The web interface of the device contains a flaw that allows information disclosure. An authenticated attacker, even with limited privileges such as a guest account, can obtain hashed passwords for admin,...
389-ds:1.4 security and bug fix update
1.4.3.16-16 - Bump version to 1.4.3.16-16 - Resolves: Bug 1972738 - Changelog cache can upload updates from a wrong starting point CSN - Resolves: Bug 1972721 - Large updates can reset the CLcache to the beginning of the changelog 1.4.3.16-15 - Bump version to 1.4.3.16-15 - Resolves: Bug 1970791 ...
Moderate: Red Hat Security Advisory: 389-ds:1.4 security and bug fix update
An update for the 389-ds:1.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
DMA Softlab DMA Radius Manager Cross-Site Request Forgery Vulnerability
DMA Softlab DMA Radius Manager is an application from DMA Softlab Inc.: an easy-to-use management system for Mikrotik, Cisco, StarOS, Chillispot, DD-WRT and pfSense NAS devices and DOCSIS CMTS. A cross-site request forgery vulnerability exists in DMA Softlab Radius Manager 4.4.0 that allows adding a new...
Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2021-08885)
Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A cross-site scripting vulnerability exists in Revive Adserver versions prior to 5.1.0, which stems from a...
MaraCMS 7.5 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. class MetasploitModule 'MaraCMS Arbitrary PHP File Upload', 'Description' => %q This module exploits an arbitrary file upload vulnerability in MaraCMS 7.5 and prior in...
CVE-2020-25252
An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. CSRF can be used to log in a user, and then perform actions, because there are default credentials the wstinol password for the manag...
Exploit for Incorrect Authorization in Joomla Joomla!
Made by HK CVE-2020-10239: Incorrect Access Control in comf...
CVE-2018-8811
Cross-site request forgery (CSRF) vulnerability in system/workplace/admin/accounts/userrole.jsp in OpenCMS 10.5.3 allows remote attackers to hijack the authentication of administrative users for requests that perform privilege escalation. Note: It is argued that OpenCMS allows only registered users...
CVE-2006-5300
Unspecified vulnerability in HP Version Control Agent before 2.1.5 allows remote authenticated users to obtain "unauthorized access" to a remote Repository Manager account and potentially gain privileges via unspecified vectors...
CVE-2005-2188
CVE-2005-2188 affects McAfee IntruShield Security Management System. The flaw allows remote attackers to obtain the Manager account by guessing the user ID included in the URL, enabling a brute-force path to privilege escalation. The common description notes possible privilege gain via brute forc...