45 matches found
CVE-2026-32715
CVE-2026-32715 | AnythingLLM in versions up to 1.11.1 has a privilege bypass where two generic system-preferences endpoints expose manager-level access, bypassing admin-only restrictions. This allows a manager to read plaintext SQL database credentials and overwrite admin-only global settings (e....
CVE-2026-32715 AnythingLLM Manager Privilege Bypass Allows Access to Admin-Only System Preferences
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, the two generic system-preferences endpoints allow manager role access, while every other surface that touches the same settings is restricted to admi...
CVE-2018-19897
ThinkCMF X2.2.2 has SQL Injection via the function listorders in AdminbaseController.class.php and is exploitable with the manager privilege via the listorderskey1 parameter in a Link listorders action...
CVE-2018-19894
ThinkCMF X2.2.2 has SQL Injection via the functions check and delete in CommentadminController.class.php and is exploitable with the manager privilege via the ids parameter in a commentadmin action...
CVE-2018-19896
ThinkCMF X2.2.2 has SQL Injection via the function delete in SlideController.class.php and is exploitable with the manager privilege via the ids parameter in a slide action...
EUVD-2018-11568
Malware in sbrugna...
EUVD-2017-15652
Malware in sbrugna...
EUVD-2018-11569
Malware in sbrugna...
EUVD-2020-28708
Malware in sbrugna...
EUVD-2018-11570
Malware in sbrugna...
EUVD-2020-24651
Malware in sbrugna...
EUVD-2018-11571
Malware in sbrugna...
CVE-2025-47993
Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally...
CVE-2025-46014
Honor PC Manager v16.0.0.118 is affected by a privilege escalation due to misconfigured security on the named pipe iMateBookAssistant. The issue arises from default/overly permissive security attributes leading to high-impact confidentiality, integrity, and availability risks. CVSS v3.1: Network ...
CVE-2025-3611
Mattermost Server: CVE-2025-3611 affects versions 10.7.x <=10.7.0, 10.5.x <=10.5.3, and 9.11.x
CVE-2020-24743
An issue in /showReports.do in Zoho ManageEngine Applications Manager up to 14550 allows attackers to gain escalated privileges via the resourceid parameter...
CVE-2018-19895
ThinkCMF X2.2.2 has SQL Injection via the function editpost in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action...
CVE-2013-4831
HP Service Manager 9.30 through 9.32 does not properly manage privileges, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors...
CVE-2025-3476
Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager. The vulnerability could allow privilege escalation by authenticated users. This issue affects Operations Bridge Manager: 2023.05, 23.4, 24.2, 24.4...